9 matches found
CVE-2025-68525
CVE-2025-68525 targets the WordPress Category Icon plugin (versions up to and including 1.0.2). The root cause is improper input neutralization during web-page generation, leading to Stored Cross-Site Scripting (XSS). Affected product/component: WordPress Category Icon category-icon feature; impa...
EUVD-2025-25366
Malicious code in bioql PyPI...
CVE-2025-31915
Cross-Site Request Forgery CSRF vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through = 1.0.3...
PT-2025-1543 · Unknown · Dragfy Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Dragfy Addons for Elementor versions 1.0.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Dragfy Addo...
PT-2024-17016 · WordPress · Easy Code Snippets
Name of the Vulnerable Software and Affected Versions: Easy Code Snippets plugin for WordPress versions up to, and including, 1.0.2 Description: The issue is related to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. This allows...
PT-2024-24884 · Shortpixel · Shortpixel Critical Css
Name of the Vulnerable Software and Affected Versions: ShortPixel Critical CSS versions 1.0.2 and earlier Description: The issue is related to a Missing Authorization vulnerability in ShortPixel Critical CSS. This vulnerability affects the software by allowing unauthorized access due to the lack ...
CVE-2023-31092
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Foxskav Easy Bet.This issue affects Easy Bet: from n/a through 1.0.2...
PT-2023-27751 · Unknown · Juplink Rx4-1500
Name of the Vulnerable Software and Affected Versions: Juplink RX4-1500 versions V1.0.2 through V1.0.5 Description: The issue allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint "homemng.htm". This enables attackers to inject command...
12g (=0.0.27), 402 (>=0.0.2 <=0.1.1) +994 more potentially affected by unknown CVE via sequelize (>=1.0.2 <=4.44.3)
sequelize NPM version =1.0.2, =0.0.2, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =0.0.1, =1.1.7, =0.0.1, =1.0.0, =4.0.2, =5.2.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-FW4P-36J9-RRJ3...