EUVD-2025-8115
Malicious code in bioql PyPI...
EUVD-2024-28996
Malicious code in bioql PyPI...
EUVD-2024-50761
Malicious code in bioql PyPI...
PT-2025-37015
Name of the Vulnerable Software and Affected Versions: Duplicate Page and Post plugin for WordPress versions prior to 2.9.5 Description: The Duplicate Page and Post plugin for WordPress is susceptible to time-based SQL Injection via the meta key parameter. Insufficient escaping of user-supplied...
CVE-2025-5800
The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-52784 WordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post bluff-post allows Stored XSS. This issue affects Bluff Post: from n/a through <= 1.1.1...
WordPress plugin Event post cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-1376
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the savebulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...
CVE-2022-4946
The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcodes, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...
CVE-2020-8799
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website...
CVE-2014-10379
The duplicate-post plugin before 2.6 for WordPress has SQL injection...
WordPress plugin Event post cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
CVE-2025-32583 WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion. This issue affects PDF 2 Post: from n/a through <= 2.4.0...
CVE-2025-2805 ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution
The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
PT-2025-15921 · WordPress · Order Post
Name of the Vulnerable Software and Affected Versions: ORDER POST plugin for WordPress versions up to, and including, 2.0.2 Description: The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution due to the software allowing users to execute an action that does not properl...
CVE-2025-2167
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list' shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-26923 WordPress Event post plugin <= 5.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS. This issue affects Event post: from n/a through <= 5.9.8...
CVE-2025-2167
CVE-2025-2167 pertains to the WordPress plugin Event post. It enables a Stored Cross-Site Scripting (XSS) via the plugin’s events_list shortcode in all versions up to and including 5.9.9, due to insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability req...