106 matches found
EUVD-2024-47006
The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaximagecollage function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
EUVD-2026-11740
wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfilteredhtml capabilities can inject JavaScript...
PT-2026-20297
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax save custom plugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible f...
CVE-2025-15507
The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's...
EUVD-2025-206797
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...
CVE-2025-1233
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
EUVD-2025-204251
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...
CVE-2025-13359
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of...
CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
VulnCheck KEV: CVE-2025-2539
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...
EUVD-2024-16818
Malicious code in bioql PyPI...
EUVD-2023-3061
Malicious code in bioql PyPI...
EUVD-2023-12740
Malicious code in bioql PyPI...
EUVD-2024-50063
Malicious code in bioql PyPI...
EUVD-2024-16682
Malicious code in bioql PyPI...
EUVD-2025-17054
Malicious code in bioql PyPI...
EUVD-2024-47091
Malicious code in bioql PyPI...
EUVD-2024-32664
Malicious code in bioql PyPI...
EUVD-2024-17082
Malicious code in bioql PyPI...
EUVD-2025-9913
Malicious code in bioql PyPI...