453 matches found
WordPress plugin reCaptcha by WebDesignBy 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-4133 TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update
The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage function which processes settings updates. The form at line 314 does not include a wpnoncefield,...
GHSA-XFQJ-3VMX-63WV File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection
Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...
File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection
Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...
PT-2026-29427
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2 Description: File Browser versions prior to 2.62.2 are susceptible to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An administrator setting the branding.name field to a malicious...
CVE-2026-1860
The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the getitemspermissionscheck permission callback on the /kaliforms/v1/forms/id REST API endpoint only checking for the editposts capability without...
CVE-2026-1860
The Kali Forms WordPress plugin (versions
CVE-2026-1054
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...
EUVD-2026-4918
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...
CVE-2026-1054 RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...
PT-2026-5078
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...
Malicious Package
Overview recaptcha-cors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2026-3765
Malicious code in recaptcha-cors npm...
Malicious code in recaptcha-cors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79037ac310e3ba605ade8d6657ea9fd4d8261583079397795e7afccbf432a4fd The package recaptcha-cors was found to contain malicious code. Source: ghsa-malware 4936a94d5d7ed5509cecba8ba4b13b5d37ff1f114318c83e868dc6e5627818be...
MAL-2026-397 Malicious code in recaptcha-cors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79037ac310e3ba605ade8d6657ea9fd4d8261583079397795e7afccbf432a4fd The package recaptcha-cors was found to contain malicious code. Source: ghsa-malware 4936a94d5d7ed5509cecba8ba4b13b5d37ff1f114318c83e868dc6e5627818be...
CVE-2018-21012
The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS...
CVE-2025-1262
The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification...
WordPress Advanced Google reCAPTCHA plugin <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter vulnerability
Authenticated Subscriber+ Limited SQL Injection via 'sSearch' Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin Advanced Google reCAPTCHA versions = 1.29...
EUVD-2025-204863
Malicious code in @googlerecaptcha/js npm...
Malicious code in @google_recaptcha/js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0346120a6f0d866aebe59ca9ae06c02e28849fc3840a412edcc81a2ab54ded The package @googlerecaptcha/js was found to contain malicious code. Source: ghsa-malware...