197 matches found
EUVD-2022-15917
Malicious code in bioql PyPI...
CVE-2025-48101
Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1...
CVE-2025-48101 WordPress Constant Contact for WordPress Plugin <= 4.1.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1...
WordPress plugin and WordPress Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...
CVE-2025-49407
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1...
CVE-2025-49407 WordPress Houzez Theme <= 4.1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1...
CVE-2025-49405 WordPress Houzez Theme < 4.1.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a before 4.1.4...
WordPress and WordPress plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Houzez Theme <= 4.1.1 is vulnerable to Local File Inclusion
Software: Houzez; Type: Theme; Vulnerable versions: = 4.1.1; Fixed in: 4.1.4; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49405; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: c84fd40ba09c; Credits: Rafie Muhammad Patchstack; Required privilege...
CVE-2025-49406
CVE-2025-49406 concerns the WordPress Houzez theme (
CVE-2025-49406 WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1...
WordPress Houzez Theme <= 4.1.1 is vulnerable to Broken Access Control
Software: Houzez; Type: Theme; Vulnerable versions: = 4.1.1; Fixed in: 4.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-49406; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 920f9b9106ce; Credits: Rafie Muhammad Patchstack; Required...
PT-2025-33942 · Favethemes · Houzez
Name of the Vulnerable Software and Affected Versions: favethemes Houzez versions through 4.1.1. Description: A missing authorization flaw in favethemes Houzez allows access to functionality that is not properly restricted by Access Control Lists (ACLs). Recommendations: Update to a version beyond...
CVE-2025-7499
The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getresponse function in all versions up ...
CVE-2025-7499
The CVE-2025-7499 entry concerns the BetterDocs plugin for WordPress, with a missing capability check in the get_response function present in all versions up to 4.1.1. This allows unauthenticated attackers to access passwords for password-protected documents and metadata of private/draft document...
GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability
A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...
CVE-2025-49435
Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass wordpress-easy-allopass allows Cross Site Request Forgery. This issue affects Wp Easy Allopass: from n/a through = 4.1.1...
CVE-2025-49435
CVE-2025-49435 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Wp Easy Allopass, affecting versions n/a through 4.1.1. The CVSS 3.1 base metrics indicate a MEDIUM severity (4.3) with NETWORK attack vector, low attack complexity, no privileges required, but user...