WordPress FireStorm Professional Real Estate plugin <= 2.7.11 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Mrreee in WordPress Plugin FireStorm Professional Real Estate versions <= 2.7.11...
EUVD-2025-201941
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion. This issue affects The7 Elements: from n/a through <= 2.7.11...
CVE-2025-63076
CVE-2025-63076 affects The7 Elements (dt-the7-core) up to version 2.7.11, enabling PHP Local File Inclusion due to improper filename control in Include/Require. Multiple sources (Wordfence, CVE listings) confirm this vulnerability and indicate it has been patched. The advisory notes the issue as ...
CVE-2025-11244
CVE-2025-11244 affects the WordPress Password Protected plugin (versions <= 2.7.11). The vulnerability arises because the plugin trusts client-controlled HTTP headers (e.g., X-Forwarded-For, HTTP_CLIENT_IP) in pp_get_ip_address() when the Use transients option is enabled, enabling an unauthenticated...
CVE-2025-11244 Password Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTP_CLIENT_IP, and similar headers to determine user IP...
WordPress The7 Elements plugin <= 2.7.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin The7 Elements versions <= 2.7.11...
EUVD-2023-38279
Malicious code in bioql PyPI...
EUVD-2024-45911
Malicious code in bioql PyPI...
CVE-2023-34178
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions...
CVE-2021-43792
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group e.g. staff to view certain tags. Users who were tracking or watching th...
WordPress WP SEO Structured Data Schema plugin <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Jorgson in WordPress Plugin WP SEO Structured Data Schema versions <= 2.7.11...
WordPress plugin Jobs for WordPress Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
PT-2024-35266 · Linear · Linear
Name of the Vulnerable Software and Affected Versions: Linear versions through 2.7.11 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a DOM-Based XSS vulnerability. This means that the...
PT-2024-16545 · WordPress · Simple Local Avatars
Name of the Vulnerable Software and Affected Versions: The Simple Local Avatars plugin for WordPress versions up to, and including, 2.7.11 Description: The issue is related to a missing capability check on the sla_clear_user_cache function, allowing authenticated attackers with Subscriber-level...
WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control
Software: Simple Local Avatars; Type: Plugin; Vulnerable versions: <= 2.7.11; Fixed in: 2.8.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10786; Patch priority: Low; CVSS severity: Low 4.3; PSID: 717b24faeea4; Credits: Trương Hữu Phúc...
CVE-2024-51739
Combodo iTop is a simple, web-based IT Service Management tool. An unauthenticated user can perform user enumeration, which makes it easier to brute-force a valid account. As a fix, the sentence displayed after resetting a password no longer reveals whether the user exists. This fix is included in...
Combodo iTop Information Disclosure Vulnerability
Combodo iTop is a suite of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. An information disclosure vulnerability exists in Combo...
CVE-2023-34178
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions...
WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Groundhogg; Type: Plugin; Vulnerable versions: <= 2.7.11; Fixed in: 2.7.11.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-34178; Patch priority: Low; CVSS severity: Low 5.4; PSID: 5e519ca6b6e3; Credits: Rafshanzani Suhada...
WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to SQL Injection
Software: Groundhogg; Type: Plugin; Vulnerable versions: <= 2.7.11; Fixed in: 2.7.11.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-34179; Patch priority: Low; CVSS severity: Low 7.6; PSID: fce4114f251b; Credits: Rafshanzani Suhada; Required privilege: Administrato...