Malicious code in executor-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 445bbd05ea0ef3e22608235bea18f26fc18aaaff2066b5512c9752ba04a6ab13 Versions 0.3.4, 0.3.5 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Malicious code in pantheon-toolsets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9c9711927907f09a0ef2b146d3aba3b8a06197b9af3f639d579015cdab7c0d5d Versions 0.5.5, 0.5.6 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

MAL-2026-5296 Malicious code in magique (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d3bf9e3bbd5c258d251ade5a15f3383a47a53ddd399d7cd3db2aee5cec45c4 Versions 0.6.8, 0.6.9 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

MAL-2026-5300 Malicious code in funcdesc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c6f85c691f141dc4c962171ac49945286bb40e15cb8450d2f42d048a3f53bb22 Versions 0.2.2, 0.2.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Malicious code in synago (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bee487bb185457ca9e9d74e0963e23be3e84241a6bcd7d0bd5ca44855dd7d28b Versions 0.1.1, 0.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Malicious code in dynamo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a4e35bea632f7363e7a1cc6ccbfb9227eca2c4720b0a689edc1bc3ce64c9d85c Versions 1.5.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

Malicious code in coolbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c2dc2f03691017c67f2ef9805c4974416d935298b4748b033bfb7f487ede251 Versions 0.4.1, 0.4.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

CVE-2025-13967

The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Woodpecker for WordPress plugin <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'formname' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Woodpecker for WordPress versions = 3.0.4...

CVE-2025-13967

The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13967

CVE-2025-13967 (Woodpecker for WordPress) details (from connected doc): The Woodpecker for WordPress plugin is affected by a stored XSS in the woodpecker-connector shortcode’s form_name parameter. This vulnerability exists in all versions up to and including 3.0.4. Exploitation requires authentic...

CVE-2025-13967 Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute

The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13967 Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute

The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2023-40034

Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a for...

CVE-2024-41121

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

CVE-2024-41122

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

WordPress plugin Woodpecker for WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2026-1729

Name of the Vulnerable Software and Affected Versions Woodpecker for WordPress plugin versions up to and including 3.0.4 Description The Woodpecker for WordPress plugin is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the form na...

EUVD-2025-116981

Malicious code in yabbering-brown-woodpecker npm...

EUVD-2025-97959

Malicious code in internationalwoodpeckerz3n npm...