PT-2025-41355
Name of the Vulnerable Software and Affected Versions: Lisfinity Core plugin for WordPress versions prior to 1.4.1 Description: The Lisfinity Core plugin for WordPress is susceptible to privilege escalation. An authenticated attacker with Subscriber-level access or higher can modify passwords for a...
WordPress plugin Lisfinity Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
EUVD-2013-0032
Malware in sbrugna...
EUVD-2018-8192
Malware in sbrugna...
EUVD-2018-20875
Malware in sbrugna...
EUVD-2020-2115
Malware in sbrugna...
EUVD-2023-2183
Malicious code in bioql PyPI...
EUVD-2022-0541
Malicious code in bioql PyPI...
EUVD-2024-42679
Malicious code in bioql PyPI...
EUVD-2025-12129
Malicious code in bioql PyPI...
EUVD-2025-32289
Malicious code in bioql PyPI...
CVE-2025-9213 TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
NeuVector has an insecure password storage and is vulnerable to rainbow attack
Impact: NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attacks, an offline attack where hashes of known passwords are precomputed. NeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2...
PT-2025-35110
Name of the Vulnerable Software and Affected Versions: NeuVector versions 5.0.0 through 5.4.5 Description: NeuVector stores user passwords and API keys using a simple, unsalted hash, making it vulnerable to rainbow table attacks. The software generates a cryptographically secure, random...
CVE-2025-3671
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...
Church Donation System update_password_admin.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter newpassword in the file /members/updatepasswordadmin.php against an externally entered SQL statement. An...
jshERP authorization issue vulnerability
jshERP Huaxia ERP is a homegrown ERP system by the individual developer of China's Ji Sheng Hua. An authorization issue vulnerability exists in jshERP 3.5 and earlier versions, which stems from a weak password recovery due to incorrect operation of the file /jshERP-boot/user/updatePwd...
CVE-2025-7859
A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/updatepasswordadmin.php. The manipulation of the argument newpassword leads to sql injection. The attack can be initiated remotely. The exploi...
CVE-2025-3740
CVE-2025-3740 affects the WordPress plugin School Management System for Wordpress. It allows authenticated users with Subscriber+ privileges to perform Local File Inclusion via the page parameter, enabling arbitrary PHP file inclusion/execution and potentially password-change-based privilege esca...