11 matches found
EUVD-2025-27632
Malicious code in bioql PyPI...
CVE-2025-9630
The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the sinotype_config function. This makes it possible for unauthenticated attackers to modify typography settings via a...
CVE-2025-9630
The CVE concerns WP SinoType (WordPress) plugin vulnerable to Cross-Site Request Forgery (CSRF) in versions ≤ 1.0 due to missing/incorrect nonce validation in sinotype_config, enabling unauthenticated attackers to modify typography settings if a site admin is tricked. Public details confirm affected soft...
CVE-2025-9630 WP SinoType <= 1.0 - Cross-Site Request Forgery
The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the sinotype_config function. This makes it possible for unauthenticated attackers to modify typography settings via a...
CVE-2025-8479
CVE-2025-8479: The Zoho Flow WordPress plugin (versions ≤ 2.14.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in zoho_flow_deactivate_plugin. This allows unauthenticated attackers to cause changes to typography settings by tricking an admin into a forged ...
CVE-2025-8479 Zoho Flow <= 2.14.1 - Cross-Site Request Forgery
The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zoho_flow_deactivate_plugin function. This makes it possible for unauthenticated attackers to modify typography setting...
CVE-2024-10453
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress Elementor plugin <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings vulnerability discovered by zer0gh0st in WordPress Plugin Elementor Website Builder versions <= 3.25.9...
CVE-2024-10453
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-10453 Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2024-16293 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to, and including, 3.25.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Typography Settings due to insufficient input sanitization and output...