290 matches found
CVE-2025-12481
The vulnerability CVE-2025-12481 affects the WP Duplicate Page plugin for WordPress (versions up to 1.7). Root cause: Missing authorization checks in saveSettings allow authenticated users with Contributor+ privileges to modify plugin settings that control capabilities, enabling them to duplicate...
CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
PT-2025-47281
Name of the Vulnerable Software and Affected Versions WP Duplicate Page plugin versions prior to 1.8 Description The WP Duplicate Page plugin for WordPress is affected by a missing authorization issue. The plugin does not properly verify user authorization to perform actions within the saveSettin...
CVE-2025-11377
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-11377
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-11377
The CVE-2025-11377 case is supported by multiple connected sources: WordPress List category posts plugin 0.92.0) or follow vendor advisories for fixes. Monitor for updates from CVE databases and the plugin maintainers to confirm remediation efficacy.
CVE-2025-11377 List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
PT-2025-44703
Name of the Vulnerable Software and Affected Versions WordPress List category posts plugin versions prior to 0.92.0 Description The List category posts plugin for WordPress has an information exposure issue due to insufficient restrictions on posts included by the 'catlist' shortcode. This allows...
CVE-2025-11701
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...
CVE-2025-11701
CVE-2025-11701 refers to the WordPress plugin Zip Attachments (versions
CVE-2025-11701 Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...
CVE-2025-11701 Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...
WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability
Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Zip Attachments versions = 1.6...
EUVD-2024-16389
Malicious code in bioql PyPI...
EUVD-2025-27058
Malicious code in bioql PyPI...
EUVD-2023-54537
Malicious code in bioql PyPI...
EUVD-2024-31902
Malicious code in bioql PyPI...
EUVD-2024-16385
Malicious code in bioql PyPI...
EUVD-2025-25001
Malicious code in bioql PyPI...
EUVD-2024-17700
Malicious code in bioql PyPI...