EUVD-2026-29899

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

Malicious code in random_chameleon_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e78c123a549e5d10b15de1eab2347b81198e47399b00741d0c864d41b851309b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...