15 matches found
WordPress plugin IMGspider has code vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2025-36390
A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. The attack is only possible with local access. The vendor was contact...
CVE-2025-12341
Summary: CVE-2025-12341 affects ermig1979 AntiDupl up to version 2.3.12. The issue resides in an unknown function within the Delete Duplicate Image Handler’s file AntiDupl.NET.WinForms.exe, enabling a link-following vulnerability. The attack is possible with local access. Multiple sources (PT-20...
WordPress ZoloBlocks plugin <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability
Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability discovered by Jay in WordPress Plugin ZoloBlocks (versions <= 2.3.11)...
EUVD-2023-33834
Malicious code in bioql PyPI...
PT-2025-7514 · WordPress · Ltl Freight Quotes – Globaltranz Edition
Name of the Vulnerable Software and Affected Versions: LTL Freight Quotes – GlobalTranz Edition plugin for WordPress versions up to, and including, 2.3.12 Description: The issue concerns a missing capability check on the "engtz wd save dropship" AJAX endpoint, allowing unauthenticated attackers t...
WordPress LTL Freight Quotes – GlobalTranz Edition plugin <= 2.3.12 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Colin Xu in WordPress Plugin LTL Freight Quotes – GlobalTranz Edition (versions <= 2.3.12)...
PT-2025-6947 · Enituretechnology · Enituretechnology Ltl Freight Quotes – Freightquote Edition
Name of the Vulnerable Software and Affected Versions: enituretechnology LTL Freight Quotes – FreightQuote Edition versions 2.3.11 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL injection. This problem can be...
CVE-2023-45752
Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12 versions...
PT-2023-29668 · WordPress · 10 Quality Post Gallery
Name of the Vulnerable Software and Affected Versions: 10 Quality Post Gallery plugin versions prior to 2.3.12 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on ...
WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Post Gallery; Type: Plugin; Vulnerable versions: <= 2.3.12; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-45752; Patch priority: Low; CVSS severity: Low (4.3); PSID: e7bbac19db20; Credits: Mika; Required privilege...
CVE-2023-2331
Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows allows arbitrary code to be inserted into the service. This issue affects Surelock Windows: from 2.3.12 through 2.40.0...
SOGo < 2.3.12, 3.x < 3.1.1 Multiple Vulnerabilities
SOGo is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:alinto:sogo"; if description...
CVE-2017-17430
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface...
Design/Logic Flaw
OpenVPN version 2.3.12 and newer is vulnerable to an unauthenticated denial of service of the server via a large received control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...