24 matches found
CVE-2026-25015
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.53...
EUVD-2026-5257
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.53...
CVE-2025-67593
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.48...
EUVD-2025-202060
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.48...
PT-2025-49967
Name of the Vulnerable Software and Affected Versions: UsersWP versions through 1.2.48. Description: The UsersWP plugin contains a Cross-Site Request Forgery (CSRF) flaw. This allows attackers to potentially perform actions on behalf of an authenticated user without their knowledge. The issue impacts...
EUVD-2025-198471
Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UsersWP: from n/a through <= 1.2.47...
CVE-2025-66072
Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UsersWP: from n/a through <= 1.2.47...
EUVD-2025-17217
Malicious code in bioql (PyPI)...
EUVD-2025-5617
Malicious code in bioql (PyPI)...
CVE-2025-30951
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stiofan BlockStrap Page Builder - Bootstrap Blocks blockstrap-page-builder-blocks allows Stored XSS. This issue affects BlockStrap Page Builder - Bootstrap Blocks: from n/a through <= 0.1.36...
CVE-2025-30951
CVE-2025-30951: Stored XSS in BlockStrap Page Builder – Bootstrap Blocks for WordPress. The vulnerability arises from improper neutralization of input during web page generation, enabling malicious scripts to be stored and potentially executed in victims’ browsers. Affected product: BlockStrap P...
PT-2025-24173 · Unknown · Stiofan Blockstrap Page Builder
Name of the Vulnerable Software and Affected Versions: Stiofan BlockStrap Page Builder - Bootstrap Blocks versions 0.1.36 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS...
CVE-2024-43973
Missing Authorization vulnerability in Stiofan GetPaid invoicing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetPaid: from n/a through <= 2.8.11...
WordPress FooGallery plugin <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability
Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability discovered by Stiofan in WordPress Plugin FooGallery versions <= 2.4.29...
WordPress FooGallery plugin <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size vulnerability
Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size vulnerability discovered by Stiofan in WordPress Plugin FooGallery versions <= 2.4.29...
CVE-2025-26967
Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory events-for-geodirectory allows Object Injection. This issue affects Events Calendar for GeoDirectory: from n/a through <= 2.3.14...