88 matches found
EUVD-2023-32266
Malicious code in bioql PyPI...
EUVD-2022-51848
Malicious code in bioql PyPI...
EUVD-2023-34046
Malicious code in bioql PyPI...
EUVD-2025-10544
Malicious code in bioql PyPI...
CVE-2024-6226
The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6074
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-1231
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack...
CVE-2024-13220
The WordPress Google Map Professional Map In Your Language WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13057
The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5030
The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2024-9934
The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2021-32573
The express-cart package through 1.1.10 for Node.js allows Reflected XSS for an admin via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website...
CVE-2006-6894
Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to 1 "Placeholders in database handler" and 2 "Macro admin security."...
PT-2025-21886 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms WordPress plugin versions prior to 3.10.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, f...
CVE-2023-2334
The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a...
CVE-2024-8050
The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-9838 Auto Affiliate Links < 6.4.7 - Admin+ SQL Injection
The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2025-26941
CVE-2025-26941 is a SQL Injection vulnerability affecting the WordPress Church Admin plugin (versions up to and including 5.0.18). The issue arises from improper neutralization of special elements used in an SQL command, enabling an attacker to potentially access or exfiltrate data. Documented im...
CVE-2024-13626
The VR-Frases collect & share quotes WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
RHSA-2008:0201 Red Hat Security Advisory: redhat-ds-admin security update
Bulletin has no description...