712 matches found
EUVD-2025-25069
Malicious code in bioql PyPI...
EUVD-2022-52001
Malicious code in bioql PyPI...
EUVD-2022-51977
Malicious code in bioql PyPI...
EUVD-2022-51822
Malicious code in bioql PyPI...
EUVD-2023-12476
Malicious code in bioql PyPI...
EUVD-2023-12350
Malicious code in bioql PyPI...
EUVD-2023-12160
Malicious code in bioql PyPI...
EUVD-2024-17421
Malicious code in bioql PyPI...
CVE-2025-9859
The Fintelligence Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fintelligence-calculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-9129
CVE-2025-9129 describes a Stored Cross-Site Scripting flaw in the WordPress Flexi plugin (up to version 4.28) via the flexi-form-tag shortcode. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-...
CVE-2025-9859 Fintelligence Calculator <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Fintelligence Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fintelligence-calculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-9199 Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2025-9199 Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2025-10192
CVE-2025-10192 – WP Photo Effects (WordPress) is an authenticated Stored XSS vulnerability in the wppe_effect shortcode affecting all versions up to 1.2.4. The issue arises from insufficient input sanitization and output escaping on user-supplied shortcode attributes, allowing an attacker with co...
CVE-2025-10192 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-9876
CVE-2025-9876 affects the WordPress Ird Slider plugin (versions ≤ 1.0.2). It is a stored XSS due to insufficient input sanitization and output escaping on the irdslider shortcode attributes, exploitable by authenticated attackers with contributor-level access or higher. The impact is arbitrary sc...
CVE-2025-9198 Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection
The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-9852
The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'momoyoga-schedule' shortcode in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2025-10191
The Big Post Shipping for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wooboigpostshippingstatus' shortcode in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-10182
The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dbview' shortcode in all versions up to, and including, 0.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...