CVE-2025-12156 Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...

PT-2025-44943

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save post data function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, wit...

EUVD-2023-29429

Malicious code in bioql PyPI...

CVE-2025-54704

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through = 2.2.6...

CVE-2025-54704

CVE-2025-54704 is a DOM-based XSS vulnerability in the WordPress plugin Easy Elementor Addons (versions up to 2.2.6). The root cause is improper neutralization of user input during web page generation, enabling DOM-based cross-site scripting. Public sources confirm affected software as Easy Eleme...

CVE-2023-32297

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: from n/a through 2.2.6...

WordPress GuardGiant Brute Force Protection plugin <= 2.2.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin WordPress Brute Force Protection – Stop Brute Force Attacks versions = 2.2.6...

WordPress plugin LWS Affiliation 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress Plugin About Me 3000 widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-25474

Cross-Site Request Forgery CSRF vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...

IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2018-14094)

IBM Sterling File Gateway is a suite of file transfer software from IBM in the United States. The software integrates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. An information disclosure vulnerability exists in IBM Sterlin...

IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2018-14088)

IBM Sterling File Gateway is a suite of file transfer software from IBM in the United States. The software integrates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. A security vulnerability exists in IBM Sterling File Gateway...