PT-2026-41573

These are all security issues fixed in the liblldpctl4-1.0.22-1.1 package on the GA media of openSUSE Tumbleweed...

Malicious code in @get-wrecked/overlay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3f69fb73aa68e8345f0c5b8a87578c3eac0a11576be46084e983aa24d911f07 The package @get-wrecked/overlay was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1241 Malicious code in @get-wrecked/overlay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3f69fb73aa68e8345f0c5b8a87578c3eac0a11576be46084e983aa24d911f07 The package @get-wrecked/overlay was found to contain malicious code. Source: ghsa-malware...

WordPress Build App Online plugin <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism vulnerability

Account Takeover via Weak Password Reset Mechanism vulnerability discovered by Ram - Wordfence in WordPress Plugin Build App Online versions = 1.0.22...

CVE-2025-14541

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

PT-2026-7480

Name of the Vulnerable Software and Affected Versions Lucky Wheel Giveaway plugin for WordPress versions prior to 1.0.23 Description The Lucky Wheel Giveaway plugin for WordPress is susceptible to Remote Code Execution. This is due to the use of PHP’s eval function on user-controlled input withou...

WordPress Lucky Wheel Giveaway plugin <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter vulnerability

Authenticated Administrator+ Remote Code Execution via 'conditionaltags' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel Giveaway versions = 1.0.22...

CVE-2025-14030

The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aifepostmeta' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

CVE-2025-14030 AI Feeds <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode

The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aifepostmeta' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

EUVD-2025-203079

The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aifepostmeta' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

PT-2025-50923

The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aife post meta' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

WordPress plugin AI Feeds 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

EUVD-2025-198444

Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through = 1.0.22...

CVE-2025-66110

Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through = 1.0.23...

CVE-2025-66110 WordPress Tiktok Feed plugin <= 1.0.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through = 1.0.23...

PT-2025-47772

Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through = 1.0.22...

WordPress plugin Tiktok Feed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress Thumbnail Slider With Lightbox plugin <= 1.0.21 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Thumbnail Slider With Lightbox versions = 1.0.21...

EUVD-2024-30257

Malicious code in bioql PyPI...

EUVD-2023-49428

Malicious code in bioql PyPI...