EUVD-2025-29423

Malicious code in bioql PyPI...

@account-kit/react (>=4.0.0 <=4.88.2), @account-kit/react-native (>=4.15.0 <=4.88.2) +50 more potentially affected by CVE-2024-57068 via @tanstack/form-core (>=0.0.1 <=0.42.0)

@tanstack/form-core NPM version =0.0.1, =4.0.0, =4.15.0, =3.13.0, =0.0.1, =0.1.1, =0.0.1, =1.0.0, =0.3.5, =0.3.3, =0.10.0 and more Source cves: CVE-2024-57068 Source advisory: OSV:GHSA-GGV3-VMGW-XV2Q...

WordPress Passwordless Login with OTP / SMS & Email – Account Kit Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Passwordless Login with OTP / SMS & Email – Account Kit Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f69eb28819b1...

WordPress Passwordless Login with OTP / SMS & Email – Account Kit plugin <= 1.2.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Passwordless Login with OTP / SMS & Email – Account Kit plugin versions = 1.2.3. Solution No patched version available...

WordPress Passwordless Login with OTP / SMS & Email – Account Kit plugin <= 1.2.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Passwordless Login with OTP / SMS & Email – Account Kit plugin versions = 1.2.3. Solution No patched version available...