29 matches found

Patchstack
added 2026/01/29 9:45 p.m., 5 views

WordPress WP MultiTasking plugin <= 0.1.12 - Welcome Popup Update via CSRF vulnerability

Welcome Popup Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...

CVSS 6.5 | AI score 5.9 | EPSS 0.00186
Exploits: 1 | References: 1 | Affected Software: 1

Github Security Blog
added 2026/01/27 12:59 a.m., 4 views

oneshot has potential Use After Free when used asynchronously

There is a race condition that can lead to a use-after-free if a oneshot::Receiver is polled but then dropped instead of polled to completion. This could happen if the receiver future was cancelled while receiving, for example by being wrapped in a timeout future or similar. When the Receiver is...

AI score 5.9
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/01/27 12:59 a.m., 4 views

GHSA-RVR2-R3PV-5M4P oneshot has potential Use After Free when used asynchronously

There is a race condition that can lead to a use-after-free if a oneshot::Receiver is polled but then dropped instead of polled to completion. This could happen if the receiver future was cancelled while receiving, for example by being wrapped in a timeout future or similar. When the Receiver is...

CVSS 8.2 | AI score 5.9
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-28661

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 6.6 | EPSS 0.00348
Exploits: 0 | References: 3

OSV
added 2025/08/28 10:14 p.m., 1 view

CVE-2025-58062 LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow

LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...

CVSS 7.3 | AI score 7.4 | EPSS 0.00348
Exploits: 0 | References: 5

CVE
added 2025/08/28 10:14 p.m., 12 views

CVE-2025-58062

CVE-2025-58062 affects LSTM-Kirigaya’s openmcp-client (VSCode plugin for MCP developers) prior to version 0.1.12. On Windows, if a user connects to an attacker-controlled MCP server, an attacker can provision a malicious authorization server endpoint that enables an OS command injection in the op...

CVSS 7.3 | AI score 6.8 | EPSS 0.00348
Exploits: 0 | References: 3

Positive Technologies
added 2025/08/28 12:0 a.m., 3 views

PT-2025-35147

Name of the Vulnerable Software and Affected Versions: openmcp-client versions prior to 0.1.12 Description: openmcp-client, a VS Code plugin for MCP developers, contains a flaw where a malicious authorization server endpoint can be provisioned by an attacker when a user on a Windows platform...

CVSS 7.3 | AI score 6.9 | EPSS 0.00348
Exploits: 0 | References: 7

Snyk
added 2025/06/03 5:58 p.m., 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of access controls in the channel members API endpoint. An attacker can gain unauthorised access to metadata about members of public channels as a guest user by exploiting this securit...

CVSS 5.3 | AI score 7 | EPSS 0.00138
Exploits: 0 | References: 3

Snyk
added 2025/06/03 5:58 p.m., 1 view

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of access control restrictions for System Manager roles. An attacker can gain unauthorized access via direct API requests to team endpoints and perform actions reserved for System...

CVSS 5.4 | AI score 7.1 | EPSS 0.00138
Exploits: 0 | References: 3

RedhatCVE
added 2025/04/11 7:39 a.m., 12 views

CVE-2024-6860

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

CVSS 4.3 | AI score 7.1 | EPSS 0.00451
Exploits: 1 | References: 1

OSV
added 2025/04/09 6:15 a.m., 2 views

CVE-2024-6860

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

CVSS 4.3 | AI score 7.3
Exploits: 0 | References: 1

CVE
added 2025/04/09 6:0 a.m., 50 views

CVE-2024-6857

CVE-2024-6857 concerns the WP MultiTasking WordPress plugin (versions <= 0.1.12) where updating Header/Footer/Body Script Settings lacks CSRF protection. Exploitation could allow an attacker to force logged-in admins to perform these updates via CSRF. Public sources in connected docs confirm t...

CVSS 4.3 | AI score 7 | EPSS 0.00451
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2025/04/09 12:0 a.m., 2 views

WordPress plugin WP MultiTasking security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 | AI score 8.6 | EPSS 0.00451
Exploits: 1 | References: 1

CNNVD
added 2025/04/09 12:0 a.m., 1 view

WordPress plugin WP MultiTasking security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 | AI score 8.6 | EPSS 0.00451
Exploits: 1 | References: 1

OSV
added 2024/12/05 11:15 p.m., 2 views

AZL-54036 CVE-2024-52798 affecting package nodejs-nodemon 2.0.3-5

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7 | AI score 6.7 | EPSS 0.00293
Exploits: 0 | References: 1

OSV
added 2024/09/08 6:15 a.m., 3 views

CVE-2024-6856

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 4.3 | AI score 5.8 | EPSS 0.00191
Exploits: 1 | References: 1

OSV
added 2024/09/08 6:15 a.m., 2 views

CVE-2024-6853

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2024/09/08 6:15 a.m., 4 views

CVE-2024-6859

The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00185
Exploits: 1 | References: 1

CNNVD
added 2024/09/08 12:0 a.m., 4 views

WordPress plugin WP MultiTasking security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 6.8 | EPSS 0.00186
Exploits: 1 | References: 2

CNNVD
added 2024/09/08 12:0 a.m., 5 views

WordPress plugin WP MultiTasking security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 6.8 | EPSS 0.00191
Exploits: 1 | References: 2