393 matches found
Malicious Package
Overview @aio-commerce-sdk/config-typescript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...
EUVD-2025-36802
Malicious code in @aio-commerce-sdk/config-typedoc npm...
EUVD-2025-36801
Malicious code in @aio-commerce-sdk/config-typescript npm...
EUVD-2025-36800
Malicious code in @aio-commerce-sdk/config-vitest npm...
EUVD-2025-36803
Malicious code in @aio-commerce-sdk/config-tsdown npm...
Malicious code in @aio-commerce-sdk/config-typedoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7115c3c8e9d8049f239251eeaf99504698b6eea04f36d5490dedff17b173f77b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @aio-commerce-sdk/config-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 952a468e9821b0b8238bc9a6e6c0f9ee4964fca63e82403ed880279141fb5088 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @aio-commerce-sdk/config-tsdown (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0ae61acddeafb85596fd6c4a2c12309826d57b53250d789af0b1145bc8a2c3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48957 Malicious code in @aio-commerce-sdk/config-typescript (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85b2c7fad2af3e611f7fe4d8399529e1b897e4ca8838e1a5db0a2c61acb4d998 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48956 Malicious code in @aio-commerce-sdk/config-typedoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7115c3c8e9d8049f239251eeaf99504698b6eea04f36d5490dedff17b173f77b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48958 Malicious code in @aio-commerce-sdk/config-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 952a468e9821b0b8238bc9a6e6c0f9ee4964fca63e82403ed880279141fb5088 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-11889
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...
WordPress plugin AIO Forms 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
CVE-2025-11889 AIO Forms <= 1.3.15 - Authenticated (Admin+) Arbitrary File Upload via Zip Import
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2025-11889 AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2025-11889
CVE-2025-11889 : WordPress plugin AIO Forms – Craft Complex Forms Easily is vulnerable to authenticated arbitrary file upload via the Zip Import feature due to missing file type validation in versions up to and including 1.3.15 . The flaw allows users with Administrator-level access and above to ...
PT-2025-43595
Name of the Vulnerable Software and Affected Versions AIO Forms – Craft Complex Forms Easily plugin for WordPress versions through 1.3.15 Description The AIO Forms – Craft Complex Forms Easily plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation...
WordPress AIO Forms plugin <= 1.3.18 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by tmrswrr in WordPress Plugin AIO Forms versions = 1.3.18...
CVE-2025-6833 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...
EUVD-2005-0917
Malware in sbrugna...