CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2025-12027

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVE-2025-12027

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVE-2023-53891

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...

CVE-2023-53891 Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...

CVE-2023-53891 Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...

CVE-2023-53891

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability exploitable by authenticated users via the page modification interface. Malicious JavaScript payloads inserted into page content can execute when other users view the affected page. Root cause and impact are as described in con...

EUVD-2009-4839

Malware in sbrugna...

EUVD-2020-24616

Malware in sbrugna...

EUVD-2002-1410

Malware in sbrugna...

EUVD-2000-0434

Malware in sbrugna...

EUVD-2009-1432

Malware in sbrugna...

EUVD-2022-29674

Malicious code in bioql PyPI...

EUVD-2024-50625

Malicious code in bioql PyPI...

EUVD-2022-29672

Malicious code in bioql PyPI...

CVE-2024-5890

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...

CVE-2022-29950

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the 1 rule name parameter to the Rules page or the 2 subrule name or 3 categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed...

CVE-2024-12142

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked...