EUVD-2026-23458
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile POST values as the source of truth for email attachment...
CVE-2026-5710
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile POST values as the source of truth for email attachment...
WordPress WPvivid 0.9.123 Payload Generator / Scanner
This Python script is a proof of concept tool designed to generate a crafted payload targeting the WPvivid Backup Migration plugin mechanism in WordPress. The script encrypts a JSON object containing file data using AES-CBC with a null key and IV, formats it according to the plugin's expected...
WordPress WOOCOMMERCE Designer Pro 1.9.26 Shell Upload
WordPress WOOCOMMERCE Designer Pro plugin version 1.9.26 proof of concept remote shell upload exploit. Title: WordPress WOOCOMMERCE Designer Pro 1.9.26...
PT-2026-6021
Name of the Vulnerable Software and Affected Versions: WP Content Permission versions prior to 1.3. Description: The WP Content Permission plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the ohmem-message...
EUVD-2025-198495
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
CVE-2025-12747 Tainacan <= 1.0.0 - Unauthenticated Information Exposure
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
PT-2025-47786
Name of the Vulnerable Software and Affected Versions: Tainacan plugin for WordPress versions up to and including 1.0.0. Description: The Tainacan plugin for WordPress has an information exposure issue in versions up to and including 1.0.0. Uploaded files marked as private are exposed in the...
PT-2025-45175
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.6.0. Description: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress has a flaw related to file uploads. An incorrect...
EUVD-2021-11126
Malware in sbrugna...
EUVD-2023-27966
Malicious code in bioql PyPI...
EUVD-2023-49374
Malicious code in bioql PyPI...
EUVD-2024-43369
Malicious code in bioql PyPI...
CVE-2025-10188 The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Cross-Site Request Forgery to Arbitrary Directory Deletion in /wp-content
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the bulkremove function. This makes it possible for unauthenticated attackers to arbitrar...
WordPress plugin The Hack Repair Guys Plugin Archiver Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-49306
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Click (wp-content-copy-protector) allows Cross Site Request Forgery. This issue affects WP Content Copy Protection & No Right Click: from n/a through <= 3.5.9...
CVE-2023-23883
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions...
CVE-2025-4579
The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-6690 WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect
The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites...