14 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-34542

Malicious code in bioql PyPI...

4.3 CVSS · 4.9 AI score · 0.00209 EPSS
Exploits 2 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2021-29331

Malicious code in bioql PyPI...

7.6 CVSS · 5.7 AI score · 0.00172 EPSS
Exploits 1 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-24736

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00103 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/05/23 4:26 a.m. · 3 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3 CVSS · 6.4 AI score · 0.00147 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 3:24 a.m. · 8 views

CVE-2023-2528

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...

8.8 CVSS · 6.7 AI score · 0.00203 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:54 p.m. · 6 views

CVE-2022-2267

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...

4.3 CVSS · 6.7 AI score · 0.00209 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 7:20 p.m. · 4 views

CVE-2021-24182

The tutorquizbuildergetanswersbyquestion AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

6.5 CVSS · 7.7 AI score · 0.07632 EPSS
Exploits 2 · References 1

Positive Technologies
added 2025/04/26 12:0 a.m. · 2 views

PT-2025-17957 · WordPress · Edumall

Name of the Vulnerable Software and Affected Versions: Edumall theme for WordPress versions up to, and including, 4.2.4

Description: The issue allows unauthenticated attackers to include and execute arbitrary PHP files on the server via the template parameter of the 'edumall lazy load template'...

8.1 CVSS · 9.1 AI score · 0.0017 EPSS
Exploits 0 · References 9

Positive Technologies
added 2025/04/22 12:0 a.m. · 5 views

PT-2025-17488 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership WordPress plugin version 4.1.2 and earlier

Description: The issue concerns the User Registration & Membership WordPress plugin, where data in an AJAX action is not properly validated when the Membership Addon is...

8.1 CVSS · 7.8 AI score · 0.28447 EPSS
Exploits 4 · References 7

RedhatCVE
added 2025/03/16 6:6 a.m. · 3 views

CVE-2025-0952

The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmastershideadminnotice' AJAX action in all versions up to, and including, 2.0.4. This mak...

8.1 CVSS · 6.6 AI score · 0.00098 EPSS
Exploits 0 · References 1

CVE
added 2025/03/01 6:39 a.m. · 56 views

CVE-2025-1502

CVE-2025-1502 affects the WordPress plugin IP2Location Redirection (versions up to and including 1.33.3). The issue is a missing capability check on the AJAX action download_ip2location_redirection_backup, allowing unauthenticated attackers to download the plugin’s settings. Public sources in th...

5.3 CVSS · 6.8 AI score · 0.00173 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/08/30 11:29 a.m. · 5 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

4.3 CVSS · 6.6 AI score · 0.0009 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/06/07 1:51 a.m. · 17 views

CVE-2021-4351 Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...

5.8 CVSS · 6.1 AI score · 0.00223 EPSS
Exploits 1 · References 2

NVD
added 2021/05/14 12:15 p.m. · 15 views

CVE-2021-24189

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then...

8.8 CVSS · 0.00603 EPSS
Exploits 2 · References 1