155 matches found
EUVD-2023-31037
Malicious code in bioql PyPI...
EUVD-2025-6681
Malicious code in bioql PyPI...
EUVD-2024-21259
Malicious code in bioql PyPI...
EUVD-2025-15161
Malicious code in bioql PyPI...
EUVD-2024-50552
Malicious code in bioql PyPI...
EUVD-2024-16941
Malicious code in bioql PyPI...
CVE-2025-6348
CVE-2025-6348 affects WordPress Smart Slider 3 plugin. All versions up to and including 3.5.1.28 are vulnerable to a time-based SQL Injection via the sliderid parameter, caused by insufficient escaping of user input and inadequate preparation of the existing SQL query. This allows authenticated a...
CVE-2025-8009 Security Ninja – Secure Firewall & Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'getfilesource' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extra...
PT-2025-30640 · WordPress · The Security Ninja – Wordpress Security Plugin & Firewall
Name of the Vulnerable Software and Affected Versions: The Security Ninja – WordPress Security Plugin & Firewall versions prior to 5.243 Description: The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is susceptible to an arbitrary file read issue. This allows...
CVE-2025-41458
CVE-2025-41458 concerns unencrypted storage in the iOS app Two App Studio Journey v5.5.9, allowing local attackers with direct filesystem access to extract sensitive data. The NVD entry lists a CVSS v3.1 base score 5.5 (MEDIUM) , with LOCAL attack vector, LOW attack complexity, and HIGH confident...
CVE-2025-6717
CVE-2025-6717 affects the B1.lt for WooCommerce plugin (WordPress). The vulnerability is an authenticated SQL Injection via the id parameter in versions up to and including 2.2.56, caused by insufficient escaping of user input and lack of proper SQL query preparation. Exploitation requires Subscr...
CVE-2025-4593
The CVE describes a vulnerability in the WordPress plugin WP Register Profile With Shortcode (versions ≤ 3.6.2) that allows authenticated attackers with Contributor-level access or higher to expose sensitive user meta data via the rp_user_data shortcode. Impact noted includes exposure of hashed p...
CVE-2025-6970
Summary: CVE-2025-6970 affects the WordPress plugin “Events Manager” (<= 7.0.3). The vulnerability is a time-based SQL Injection via the orderby parameter caused by insufficient escaping and inadequate query preparation. This allows unauthenticated attackers to append arbitrary SQL to existing...
CVE-2025-6782
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
CVE-2025-6782 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm()
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
CVE-2025-6783 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc()
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2025-6437 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
PT-2025-27587 · WordPress · The Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin versions up to, and including, 4.89 Description: The issue allows for SQL Injection via the id variable of the getSpace function due to insufficient escaping on the...
CVE-2025-5487
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the fieldconditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied...
PT-2025-24041 · WordPress · Wp-Addpub
Name of the Vulnerable Software and Affected Versions: WP-Addpub plugin for WordPress versions 1.2.8 and earlier Description: The issue allows authenticated attackers with Contributor-level access or higher to inject SQL queries via the 'wp-addpub' shortcode. This is due to insufficient escaping ...