95 matches found
CVE-2026-9822 WP Hotel Booking < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...
CVE-2023-4994
The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above to execute code on the server...
CVE-2020-36854 Async JavaScript <= 2.19.07.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the ajsteps AJAX action along with a lack of sanitization on the settings saved via the function. This makes it...
EUVD-2021-11545
Malware in sbrugna...
EUVD-2019-6600
Malware in sbrugna...
EUVD-2023-54113
Malicious code in bioql PyPI...
EUVD-2023-12747
Malicious code in bioql PyPI...
EUVD-2023-12819
Malicious code in bioql PyPI...
EUVD-2023-57702
Malicious code in bioql PyPI...
EUVD-2023-33931
Malicious code in bioql PyPI...
EUVD-2023-34035
Malicious code in bioql PyPI...
EUVD-2024-49985
Malicious code in bioql PyPI...
EUVD-2023-24098
Malicious code in bioql PyPI...
EUVD-2022-51842
Malicious code in bioql PyPI...
EUVD-2023-34222
Malicious code in bioql PyPI...
EUVD-2023-34026
Malicious code in bioql PyPI...
EUVD-2023-54824
Malicious code in bioql PyPI...
EUVD-2023-12743
Malicious code in bioql PyPI...
EUVD-2023-57750
Malicious code in bioql PyPI...
EUVD-2023-57700
Malicious code in bioql PyPI...