Malicious code in vast_zebra_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 451e55b8cdb218c2c5058acbc06096eb77e4f17c0d0f87f1ad752da16ac847d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hollow_mosquito_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dba94db2447a6e736219cdf3bd637aeee307a48d10542b45abacc8319d3bf21d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tasty_cardinal_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d6d7042482402b3b24a95fa30e0e936a25a249643bd8b0f5a375a43939480e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-107703 Malicious code in rainy_tortoise_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be04aaa391c12bd6d586f92ad274b8260a23aafd81624ec66c3ae715bc2cd041 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tiara-rawon42-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76d64a23df2002f08d9bf2ec529c54c5d09246a5a579cd4e9dc921624cf04637 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-108033 Malicious code in riana-nasi62-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05b50574c09d0f768908483af0506862c7ee39b902fc270dba6bfd0e03a8733d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in specific_dragon_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 024bf17c38f3a243f8faa6b81dd306cb49ec833ffc1a4df95fe68fe997fc6794 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in thundering_seahorse_requirement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b72056037ccabf33fa2e25a113fcd6d7aa48dc6effcced523b869201f622e7b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in qori-bakwan74-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c25ccf9a40c52095cb8303ff6756cd670f80963a5bc7d6e88519c498948bdcf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in agreeable_boar_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4053b8b4e6df0324ac428627540038bcffe278fd267f26c5eebe36476a91488 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lina-rujak43-crottsekebon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 204e97b52a8d10368adaf8c7c93455a1c484afa489bfe7b10a448a06999cb705 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-85696 Malicious code in free_moth_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e87ab434b021c3e11c8134ede79284764139c2ee79d73628c91a55121ec70513 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-83113 Malicious code in agus-ubi33-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac7b81a7496fef0c12f7d192dd8ccc6655376a12ae2cfe7b360b1371182cc5c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-12126

The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access a...

MAL-2025-76696 Malicious code in ade-gepuk24-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a1c7c3690dc172eebf056986bb8239907122b95fa1b2bcbb8a41bc686158186 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-76808 Malicious code in andi-bakwan53-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60b42ecbfca712e217480d6ec169cf43b5483fc7b96e5d25593c66aeb76d2037 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wibowo-menjes85-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ad4e6a93fb5695e059d975f20eaf6eb23857177e2474b7cc278c76d35f70e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-78745 Malicious code in hendra-brengkes46-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b033538cc9dcbce79cdb4555e1f6cc506c5fd7d38826ba4b4f5398f4bfe2189 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-78822 Malicious code in historical_gazelle_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee5050e824f8a604d06085c4e7cc5fb19358f72117f9129d25702b612c746b3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-12126 The Total Book Project <= 1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Book Manipulation

The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access a...