EUVD-2025-30506

Malicious code in bioql PyPI...

CVE-2025-58687

Cross-Site Request Forgery CSRF vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through = 1.6...

CVE-2025-58687

Cross-Site Request Forgery CSRF vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through = 1.6...

WordPress Current Age Plugin Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Current Age Plugin versions = 1.6...

CVE-2025-58687

CVE-2025-58687 affects the Current Age Plugin for WordPress (up to 1.6). Public docs (Wordfence/ Patchstack lineage) confirm a CSRF flaw that leads to a stored XSS condition. Affected plugin versions prior to 1.6 are vulnerable; remediation is to upgrade to 1.6 (patched). CVSS v3.1 base score 7.1...

CVE-2025-58687 WordPress Current Age Plugin Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through = 1.6...

PT-2025-38975

Name of the Vulnerable Software and Affected Versions WP CMS Ninja Current Age Plugin versions through 1.6 Description A Cross-Site Request Forgery CSRF issue exists in WP CMS Ninja Current Age Plugin, which also allows Stored Cross-Site Scripting XSS. Recommendations Update WP CMS Ninja Current...

WordPress plugin Current Age Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or to the following age APIs when the plugin feature flag is enabled: -...

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided through an attacker-controlled input to the following age APIs when the plugin feature flag is enabled: - age::plugin::Identity::fromstr or equivalently str::parse:: ...

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or an attacker-controlled plugin name via the -j flag. On UNIX systems, a directory...

RUSTSEC-2024-0432 Malicious plugin names, recipients, or identities can cause arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or an attacker-controlled plugin name via the -j flag. On UNIX systems, a directory...

PT-2024-36790

Name of the Vulnerable Software and Affected Versions pyrage versions 1.2.0 through 1.2.2 Description The issue concerns the execution of arbitrary binaries due to malicious plugin names, recipients, or identities. This can occur when a plugin name containing a path separator is provided to the a...