162 matches found
WordPress RTMKit plugin <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration Modification vulnerability
Authenticated Author+ Missing Authorization to Widget Configuration Modification vulnerability discovered by momopon1415 in WordPress Plugin RTMKit versions <= 2.0.2...
CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...
WordPress MaxiBlocks Builder plugin <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion vulnerability
Missing Authorization to Authenticated Author+ Media File Deletion vulnerability discovered by Teerachai Somprasong in WordPress Plugin MaxiBlocks versions <= 2.1.8...
CVE-2026-28228
OpenOLAT SAS/Velocity SSTI vulnerability (CVE-2026-28228) allows an authenticated author to inject Velocity directives into a reminder email; when processed, directives are evaluated server-side via Velocity #set chained with Java reflection, enabling arbitrary Java class execution (e.g., Process...
CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
PT-2026-29118
Name of the Vulnerable Software and Affected Versions: OpenOlat versions prior to 19.1.31; OpenOlat versions prior to 20.1.18; OpenOlat versions prior to 20.2.5. Description: OpenOlat is a web-based e-learning platform. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the...
CVE-2025-8899 Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation
The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to the videowhisperregisterform function not restricting the user roles that can be set during registration. This makes it possible...
WordPress Responsive Lightbox & Gallery plugin <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability
Authenticated Author+ Server-Side Request Forgery via Remote Library Image Upload vulnerability discovered by lucsob in WordPress Plugin Responsive Lightbox versions <= 2.7.1...
WordPress Meta-box GalleryMeta plugin <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management vulnerability
Missing Authorization to Authenticated Author+ Gallery Management vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Meta-box GalleryMeta versions <= 3.0.1...
CVE-2023-4460
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
WordPress Post Expirator plugin <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification vulnerability
Authenticated Author+ Missing Authorization to Post/Page Status Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions <= 4.9.1...
CVE-2025-9698 The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks...
EUVD-2010-5066
Malware in sbrugna...
EUVD-2020-21048
Malware in sbrugna...
EUVD-2021-11641
Malware in sbrugna...
EUVD-2011-4564
Malware in sbrugna...
EUVD-2021-11728
Malware in sbrugna...
EUVD-2023-58772
Malicious code in bioql PyPI...
EUVD-2024-1951
Malicious code in bioql PyPI...
EUVD-2023-34432
Malicious code in bioql PyPI...