51 matches found
CVE-2026-1672 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...
Space Bears Ransomware Claims Comcast Data Theft Through Quasar Breach
Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself...
EUVD-2025-11290
Malicious code in bioql PyPI...
EUVD-2025-21756
Malicious code in bioql PyPI...
EUVD-2025-11367
Malicious code in bioql PyPI...
CVE-2025-5396
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackupajaxhandle function not having a capability check, nor validating user supplied input passed directly to calluserfunc. This makes it possible for...
CVE-2025-5396
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackupajaxhandle function not having a capability check, nor validating user supplied input passed directly to calluserfunc. This makes it possible for...
CVE-2025-5396 Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackupajaxhandle function not having a capability check, nor validating user supplied input passed directly to calluserfunc. This makes it possible for...
CVE-2025-5396
CVE-2025-5396 affects the Bears Backup plugin for WordPress (all versions up to 2.0.0). Root cause: bbackup_ajax_handle() lacks a capability check and passes unsanitized input directly to call_user_func(), enabling unauthenticated remote code execution. Impact includes potential backdoors or crea...
CVE-2025-5396 Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackupajaxhandle function not having a capability check, nor validating user supplied input passed directly to calluserfunc. This makes it possible for...
WordPress plugin Bears Backup 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
PT-2025-29897 · Alone +1 · Alone +1
Name of the Vulnerable Software and Affected Versions: Bears Backup versions prior to 2.0.1 Description: The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.0.0. This is due to the bbackup ajax handle function lacking capability check...
CVE-2025-3688
A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-3691
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3691
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3691
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3691 mirweiye Seven Bears Library CMS Add Link server-side request forgery
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3691
CVE-2025-3691 affects mirweiye Seven Bears Library CMS (2023) via the Add Link Handler. Reported vulnerability is server-side request forgery (SSRF) that can be triggered remotely. Several sources confirm remote exploitation and public disclosure; no explicit patch details are provided in the sup...
CVE-2025-3691 mirweiye Seven Bears Library CMS Add Link server-side request forgery
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3688
A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...