4 matches found
CVE-2025-55449
AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...
WordPress WPBot Pro Wordpress Chatbot plugin <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Simple Text Response Creation vulnerability discovered by BrokenAC ignore in WordPress Plugin WPBot Pro Wordpress Chatbot versions <= 13.5.5...
ChatBot < 4.4.9 - Unauthenticated Stored XSS
The plugin does not have authorisation and CSRF checks in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard. curl -X POST --data 'qcbotstrweight=" style=animation-name:rotation...
Marktplaats: Content Spoofing - http://aanbieding.marktplaats.nl/wp-admin/admin-ajax.php
Hello, Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply content to a web application,...