583 matches found
CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
WordPress plugin Pet-Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
WordPress Booking Manager plugin cross-site scripting vulnerability
WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...
WordPress WP Manager plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress WP Manager plugin, which arises from a web application that does not adequately validate that a request is...
CVE-2025-64275 WordPress Booking Manager plugin <= 2.1.17 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager (booking-manager) allows Stored XSS. This issue affects Booking Manager: from n/a through <= 2.1.17...
CVE-2025-12538
The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...
WordPress plugin Fleet Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-46276
Name of the Vulnerable Software and Affected Versions: Fleet Manager plugin for WordPress versions prior to 2.5.1. Description: The Fleet Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows...
CVE-2025-12177
CVE-2025-12177 affects the WordPress Download Manager plugin (versions ≤ 3.3.30). The root cause is a hardcoded Cron key that enables unauthenticated triggering of deleteExpired() and clearTempDataCPCron(). This can lead to deletion of expired posts and clearing of cache. The vulnerability is con...
CVE-2025-60245 WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WP User Manager (wp-user-manager) allows Object Injection. This issue affects WP User Manager: from n/a through <= 2.9.12...
WordPress plugin EM Beer Manager code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
Ansible does not collect garbage after playbook run
A flaw was found in Ansible Base when using the awsssm connection plugin: garbage collection does not happen after the playbook run is completed. Files would remain in the bucket, exposing the data. This issue directly affects data confidentiality...
CVE-2025-62169
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
PT-2025-43530
Name of the Vulnerable Software and Affected Versions: OctoPrint-SpoolManager versions 1.7.7 and older; OctoPrint-SpoolManager versions 1.8.0a2 and older. Description: The APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks. This allows unauthoriz...
EUVD-2025-33661
The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted...
PT-2025-41504
Name of the Vulnerable Software and Affected Versions: The Booking Manager WordPress plugin versions prior to 2.1.15. Description: The Booking Manager WordPress plugin has an issue where a shortcode capable of deleting bookings is registered and accessible to users with contributor privileges or...
EUVD-2021-25697
Malware in sbrugna...
EUVD-2019-6779
Malware in sbrugna...
EUVD-2017-9172
Malware in sbrugna...
EUVD-2020-22797
Malware in sbrugna...