57 matches found
CVE-2025-68844
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through = 2.3.6...
CVE-2025-68844 WordPress Membee Login plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through = 2.3.6...
CVE-2025-68844 WordPress Membee Login plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through = 2.3.6...
CVE-2020-36875
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...
CVE-2020-36875
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...
CVE-2020-36875
AccessAlly WordPress plugin
CVE-2020-36875 AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...
EUVD-2025-7878
Malicious code in bioql PyPI...
EUVD-2025-8320
Malicious code in bioql PyPI...
EUVD-2024-52381
Malicious code in bioql PyPI...
EUVD-2025-19622
Malicious code in bioql PyPI...
EUVD-2025-30305
Malicious code in bioql PyPI...
CVE-2025-9887
The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...
CVE-2025-9887
The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...
WordPress Custom Login And Signup Widget plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by sk4r1 in WordPress Plugin Custom Login And Signup Widget versions = 1.0...
PT-2025-38636
Name of the Vulnerable Software and Affected Versions Custom Login And Signup Widget versions prior to 1.0 Description The Custom Login And Signup Widget plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the /frndzk adminclsw.php fil...
WordPress plugin Custom Login And Signup Widget 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an...
CVE-2025-49029
Improper Control of Generation of Code 'Code Injection' vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through = 1.0...
CVE-2025-49029 WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through 1.0...
PT-2025-27528 · Unknown · Bitto.Kazi Custom Login/Signup Widget
Name of the Vulnerable Software and Affected Versions: bitto.Kazi Custom Login And Signup Widget versions 1.0 and earlier Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Code Injection. This vulnerability can potentially...