26 matches found
EUVD-2025-25005
Malicious code in bioql PyPI...
EUVD-2025-8346
Malicious code in bioql PyPI...
WordPress Plugin BizCalendar Web PHP Remote File Inclusion Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin BizCalendar Web 1.1.0.50 and previous versions of the PHP remote file inclusion...
CVE-2025-7650
The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2025-7650
The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2025-7650 BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion
The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2025-7650 BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion
The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2025-7650
The CVE-2025-7650 entry concerns the BizCalendar Web WordPress plugin (versions up to 1.1.0.50) and describes an Authenticated (Contributor+) Local File Inclusion via the bizcalv shortcode. The underlying risk is that an authenticated attacker with Contributor-level access can include and execute...
PT-2025-33460 · WordPress · Bizcalendar Web
Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions prior to 1.1.0.51 Description: The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion via the bizcalv shortcode. Authenticated attackers with Contributor-level access and...
WordPress plugin BizCalendar Web 安全漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin BizCalendar Web 1.1.0.50 and previous versions of the PHP remote file inclusion...
CVE-2024-1780
The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-30843
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...
CVE-2025-30843
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...
WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin bizcalendar-web versions = 1.1.0.34...
CVE-2025-30843 WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...
CVE-2025-30843
CVE-2025-30843 (BizCalendar Web) is an authenticated SQL Injection in BizCalendar Web up to version 1.1.0.34. The issue is described as an SQL injection vulnerability caused by improper neutralization of inputs in the product’s web interface. The CVSS v3.1 metrics list a base score of 7.6 (HIGH) ...
CVE-2025-30843 WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...
WordPress plugin setriosoft bizcalendar-web SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin setriosoft...
WordPress BizCalendar Web plugin <= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab' vulnerability
Reflected Cross-Site Scripting via 'tab' vulnerability discovered by WordFence in WordPress Plugin bizcalendar-web versions = 1.1.0.25...
WordPress bizcalendar-web Plugin <= 1.1.0.25 is vulnerable to Cross Site Scripting (XSS)
Software bizcalendar-web Type Plugin Vulnerable versions = 1.1.0.25 Fixed in 1.1.0.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 262671a35eab Credits WordFence...