CVE-2025-14447

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

WordPress plugin SiteSEO 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An authorizati...

CVE-2025-10645

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

CVE-2025-10645 WP Reset <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

WordPress plugin WP Reset 日志信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A log...

PT-2025-40973

Name of the Vulnerable Software and Affected Versions WP Reset versions prior to 2.06 Description The WP Reset plugin for WordPress is susceptible to exposure of sensitive information in all versions up to and including 2.05. This occurs through the WF Licensing::log method when debugging is...

WordPress WP Reset plugin <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log vulnerability

Unauthenticated Sensitive Information Exposure via wf-licensing.log vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Reset versions = 2.05...

EUVD-2025-29845

Malicious code in bioql PyPI...

EUVD-2025-32270

Malicious code in bioql PyPI...

EUVD-2024-32830

Malicious code in bioql PyPI...

WordPress plugin Optimize More! – CSS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Optimize...

CVE-2024-4661

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...

CVE-2023-6799

The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data...

CVE-2021-24424

The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extradata parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...

WordPress Widgets Reset plugin <= 0.1 - Settings Update via CSRF vulnerability

Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Widgets Reset versions = 0.1...

CVE-2024-8082

The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-8082

The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-8082

The Widgets Reset WordPress plugin (versions ≤ 0.1) contains a CSRF flaw in the settings update path caused by missing CSRF protection. This could enable a logged-in administrator to alter settings via a CSRF attack. Public materials identify the affected version, but none provide a confirmed pat...

PT-2025-21510 · WordPress · Widgets Reset

Name of the Vulnerable Software and Affected Versions: Widgets Reset WordPress plugin versions 0.1 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For...

CVE-2024-13684

The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the resetdbpage function. This makes it possible for unauthenticated attackers to reset several tables in the database like...