CVE-2026-42726

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

EUVD-2026-32178

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

CVE-2026-42726

CVE-2026-42726 describes a Missing Authorization / Broken Access Control in the WordPress plugin AWP Classifieds (versions

WordPress AWP Classifieds plugin <= 4.4.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by she11f in WordPress Plugin AWP Classifieds versions = 4.4.5...

EUVD-2026-27188

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2026-5100

The CVE-2026-5100 entry concerns the WordPress AWP Classifieds plugin up to v4.4.5, vulnerable to SQL Injection via the regions parameter array keys due to insufficient escaping and lack of prepared statements. The issue allows unauthenticated attackers to append additional SQL to existing querie...

GHSA-22M3-C7VP-49FJ IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Impact An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...

CVE-2025-71244 SPIP < 4.4.5 Open Redirect via Login Form

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...

CVE-2026-24490

MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The...

CVE-2026-24490 MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The...

WordPress plugin EduMall 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2021-1408

Malware in sbrugna...

EUVD-2023-46154

Malicious code in bioql PyPI...

EUVD-2022-50185

Malicious code in bioql PyPI...

EUVD-2022-38858

Malicious code in bioql PyPI...

EUVD-2022-38857

Malicious code in bioql PyPI...

EUVD-2023-46159

Malicious code in bioql PyPI...

CVE-2023-41667

Cross-Site Request Forgery CSRF vulnerability in Ulf Benjaminsson WP-dTree plugin = 4.4.5 versions...

CVE-2023-41662

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Ulf Benjaminsson WP-dTree plugin = 4.4.5 versions...

CVE-2023-46206

Missing Authorization vulnerability in Webの相談所 MW WP Form mw-wp-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through = 4.4.5...