EUVD-2024-48356

Malicious code in bioql PyPI...

EUVD-2025-9831

Malicious code in bioql PyPI...

CVE-2025-32192

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UltraPress Ultra Addons Lite for Elementor ut-elementor-addons-lite allows Stored XSS.This issue affects Ultra Addons Lite for Elementor: from n/a through = 1.1.8...

CVE-2025-32192

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UltraPress Ultra Addons Lite for Elementor ut-elementor-addons-lite allows Stored XSS.This issue affects Ultra Addons Lite for Elementor: from n/a through = 1.1.8...

CVE-2024-7434

The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVE-2024-7434

The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVE-2024-7434

The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVE-2024-7434 UltraPress <= 1.2.2 - Authenticated (Contributor+) PHP Object Injection

The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVE-2024-7434 UltraPress <= 1.2.2 - Authenticated (Contributor+) PHP Object Injection

The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVE-2024-7434

CVE-2024-7434 concerns the UltraPress WordPress theme (versions

WordPress UltraPress theme <= 1.2.1 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme UltraPress versions = 1.2.1...

WordPress UltraPress Theme <= 1.2.1 is vulnerable to PHP Object Injection

Software UltraPress Type Theme Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7434 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 4b0bbff9d028 Credits Francesco Carlucci Required privilege...

PT-2024-38345 · WordPress · Ultrapress

Name of the Vulnerable Software and Affected Versions: UltraPress theme for WordPress versions up to, and including, 1.2.1 Description: The UltraPress theme for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for authenticated...

WordPress plugin UltraPress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...