109 matches found
CVE-2025-62081
Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through =...
WordPress Carousel Slider plugin <= 2.2.14 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel Slider versions = 2.2.14...
WordPress plugin Import into Easy Property Listings 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is ...
WordPress plugin WP Telegram Widget and Join Link 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
PT-2025-52122
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Kicker kicker allows PHP Local File Inclusion.This issue affects Kicker: from n/a through = 2.2.0...
CVE-2025-67543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67550
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...
CVE-2025-67550 WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...
CVE-2025-65947
thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the threadamount function calls CreateToolhelp32Snapshot but fails to close the return...
CVE-2025-11168
The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to eleva...
CVE-2025-64358 WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through = 2.2.3...
CVE-2025-64289
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.5...
EUVD-2025-28174
Malicious code in bioql PyPI...
EUVD-2025-32059
Malicious code in bioql PyPI...
EUVD-2025-31051
Malicious code in bioql PyPI...
EUVD-2024-21691
Malicious code in bioql PyPI...
EUVD-2023-31437
Malicious code in bioql PyPI...
CVE-2025-59827
Flag Forge is a Capture The Flag CTF platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges e.g., Staff to themselves. This could lead to privilege escalation and impersonation of administrative...
CVE-2025-57987
Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Events Manager: from n/a through = 2.2.1...
CVE-2025-59826
Flag Forge CT F platform (CVE-2025-59826) is affected in version 2.1.0 where non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. The issue is mitigated by upgrading to version 2.2.0. Connected sources consistently describe the vuln...