openSUSE 16 Security Update : libsodium (openSUSE-SU-2026:20642-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20642-1 advisory. Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: incorrect...

SUSE-SU-2026:21422-1 Security update for libsodium

This update for libsodium fixes the following issues: Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...

OPENSUSE-SU-2026:10022-1 libsodium-devel-1.0.21-1.1 on GA media

These are all security issues fixed in the libsodium-devel-1.0.21-1.1 package on the GA media of openSUSE Tumbleweed...

WordPress Thumbnail Slider With Lightbox plugin <= 1.0.21 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Thumbnail Slider With Lightbox versions = 1.0.21...

EUVD-2024-49388

Malicious code in bioql PyPI...

CVE-2025-54710

Summary of CVE-2025-54710 (WordPress Tiktok Feed plugin) : A Missing Authorization / broken access control vulnerability affects the WordPress plugin “Tiktok Feed” (versions up to and including 1.0.21). The issue enables an attacker to access functionality that is not properly constrained by ACLs...

CVE-2025-54710 WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through = 1.0.21...

WordPress plugin Tiktok Feed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-35068

Name of the Vulnerable Software and Affected Versions: bPlugins Tiktok Feed versions through 1.0.21 Description: A missing authorization flaw exists in bPlugins Tiktok Feed, allowing access to functionality not properly constrained by Access Control Lists ACLs. Recommendations: Update bPlugins...

WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Tiktok Feed versions = 1.0.21...

CVE-2024-0969

The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...

CVE-2024-34809

Cross-Site Request Forgery CSRF vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21...

WordPress Easy Blocks pro plugin <= 1.0.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Easy Blocks pro versions = 1.0.21...

WordPress Ortto Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)

Software Ortto Type Plugin Vulnerable versions = 1.0.19 Fixed in 1.0.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52482 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4b5d486dfe4b Credits Le Ngoc Anh Required privilege...

CVE-2024-8741

The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to inject...

WordPress Beam me up Scotty plugin <= 1.0.21 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Beam me up Scotty versions = 1.0.21...

PT-2024-39218 · WordPress · Beam Me Up Scotty – Back To Top Button

Name of the Vulnerable Software and Affected Versions: Beam me up Scotty – Back to Top Button plugin for WordPress versions up to, and including, 1.0.21 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without proper escaping on the URL. This...

CVE-2023-7264

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code...

CVE-2024-34809

Cross-Site Request Forgery CSRF vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21...

WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme EmpowerWP versions = 1.0.21...