WordPress Splide Carousel Block plugin <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Splide Carousel Block versions = 1.7.1...

WordPress BookIt plugin <= 2.5.1 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by davidfdzmorilla in WordPress Plugin BookIt versions = 2.5.1...

WordPress Call To Action plugin plugin <= 3.1.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Call To Action Plugin versions = 3.1.3...

WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WishList Member X versions = 3.29.0...

WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by PPzzAArr in WordPress Plugin Podlove Web Player versions = 5.9.1...

WordPress Shield Security plugin <= 21.0.8 - Cross-Site Request Forgery to SQL Injection vulnerability

Cross-Site Request Forgery to SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions = 21.0.8...

WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability

WordPress AIomatic - Automatic AI Content Writer plugin = 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability discovered by István Márton - Wordfence in WordPress Plugin Aiomatic versions = 2.0.5...

WordPress Salient Core plugin <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Core versions = 2.0.7...

WordPress Cookie consent for developers plugin <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Multiple Settings Fields vulnerability discovered by 0x34rth in WordPress Plugin Cookie consent for developers versions = 1.7.1...

GHSA-QV7W-V773-3XQM sm-crypto Affected by Signature Malleability in SM2-DSA

Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...

WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme EcoBlue versions = 1.15...

WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Speed Kit versions = 2.0.2...

WordPress 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin <= 2.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin 百度站长SEO合集支持百度/神马/Bing/头条推送 versions = 2.1.4...

EUVD-2020-5394

Malware in sbrugna...

EUVD-2023-32517

Malicious code in bioql PyPI...

WordPress BeYoga Theme <= 2.0.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme BeYoga versions = 2.0.0...

WordPress Crework Theme <= 1.1.11 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Crework versions = 1.1.11...

WordPress OceanWP theme < 4.1.2 - Subscriber+ Limited Option Update vulnerability

Subscriber+ Limited Option Update vulnerability discovered by Hamit Cibo in WordPress Theme OceanWP versions 4.1.2...

WordPress Cars4Rent Theme <= 1.4.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cars4Rent versions = 1.4.2...

WordPress Qi Blocks plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Denver Jackson in WordPress Plugin Qi Blocks versions = 1.4.3...