EUVD-2025-12328

Malicious code in bioql PyPI...

CVE-2025-9623 Admin in English with Switch <= 1.1 - Cross-Site Request Forgery

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enableeng function. This makes it possible for unauthenticated attackers to modify administrator...

WordPress Admin in English with Switch plugin <= 1.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin Admin in English with Switch versions = 1.1...

PT-2025-37146

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable eng function. This makes it possible for unauthenticated attackers to modify administrato...

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

CVE-2025-3814

The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-3814

CVE-2025-3814 affects the Tax Switch for WooCommerce WordPress plugin. A stored cross-site scripting vulnerability exists in the class-name parameter in all versions up to and including 1.4.2 due to insufficient input sanitization and output escaping. Exploitation requires authentication at Contr...

CVE-2025-3814 Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter

The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress WP User Switch plugin <= 1.1.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin WP User Switch versions = 1.1.2...

Maintenance Switch <= 1.5.2 - Theme Files Creation/Deletion via CSRF

Description The plugin does not have CSRF checks when creating and deleting theme files as well as reseting settings, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

CVE-2023-29235

Cross-Site Request Forgery CSRF vulnerability in Fugu Maintenance Switch plugin = 1.5.2 versions...

CVE-2023-29235 WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Fugu Maintenance Switch plugin = 1.5.2 versions...

Authentication flaw

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

CVE-2023-2546 WP User Switch <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

WordPress plugin WP User Switch 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress WP User Switch Plugin <= 1.0.2 is vulnerable to Bypass Vulnerability

Software WP User Switch Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A2: Broken Authentication Classification Bypass Vulnerability CVE CVE-2023-2546 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID d69f4769545f Credits István Márton Required privile...

CVE-2022-47590 WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fugu Maintenance Switch plugin = 1.5.2 versions...

Wordpress plugin Maintenance Switch 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...