9 matches found
EUVD-2021-11157
Malware in sbrugna...
EUVD-2021-11881
Malware in sbrugna...
EUVD-2023-43816
Malicious code in bioql PyPI...
EUVD-2022-25178
Malicious code in bioql PyPI...
CVE-2023-7239
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
PT-2025-17708 · WordPress · Woocommerce Automatic Order Printing
Name of the Vulnerable Software and Affected Versions: WooCommerce Automatic Order Printing plugin versions up to, and including, 4.1 Description: The issue is related to Insecure Direct Object Reference, which allows authenticated attackers with Subscriber-level access and above to view other...
CVE-2022-2376 Directorist < 7.3.1 - Unauthenticated Email Address Disclosure
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users...
CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog...
PT-2022-9505 · WordPress · Transposh Wordpress Translation Plugin
Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions prior to 1.0.8 Description: The issue is related to Stored Cross-Site Scripting. It occurs because the tk0 parameter from the tp translation AJAX action is not properly sanitized and escaped. Th...