8 matches found

RedhatCVE
added 2026/01/07 9:54 a.m., 8 views

CVE-2025-1624

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS: 3.5, AI score: 5.6, EPSS: 0.00085
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-57447

Malicious code in bioql PyPI...

CVSS: 7.2, AI score: 7.1, EPSS: 0.01314
Exploits: 2, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-3046

Malicious code in bioql PyPI...

CVSS: 4.9, AI score: 5.1, EPSS: 0.00349
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-34709

Malicious code in bioql PyPI...

CVSS: 4.8, AI score: 5.3, EPSS: 0.00218
Exploits: 2, References: 1
CVE
added 2024/12/26 6:0 a.m., 52 views

CVE-2024-11223

Summary (CVE-2024-11223): The WPForms WordPress plugin, versions prior to 1.9.2.3, fails to sanitise and escape certain settings. This allows high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting (XSS) even when unfiltered_html is disallowed (e.g., multisite). The vulnerabili...

CVSS: 4.7, AI score: 5.4, EPSS: 0.00166
Exploits: 1, References: 1, Affected Software: 1
Github Security Blog
added 2023/06/15 9:30 p.m., 7 views

Magento Open Source allows Server-Side Request Forgery (SSRF)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

CVSS: 4.9, AI score: 7.1, EPSS: 0.00469
Exploits: 0, References: 3, Affected Software: 2
Vulnrichment
added 2023/01/02 9:49 p.m., 4 views

CVE-2022-4358 WP RSS By Publishers <= 0.1 - Admin+ SQLi

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

AI score: 7.4, EPSS: 0.00537
Exploits: 2, References: 2
Vulnrichment
added 2022/10/31 12:0 a.m., 5 views

CVE-2022-3408 WP Word Count <= 3.2.3 - Admin+ Stored Cross-Site Scripting

The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

AI score: 6, EPSS: 0.00304
Exploits: 1, References: 1