5 matches found
EUVD-2025-25005
Malicious code in bioql PyPI...
CVE-2025-7650
The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2025-7650 BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion
The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2025-7650
The CVE-2025-7650 entry concerns the BizCalendar Web WordPress plugin (versions up to 1.1.0.50) and describes an Authenticated (Contributor+) Local File Inclusion via the bizcalv shortcode. The underlying risk is that an authenticated attacker with Contributor-level access can include and execute...
CVE-2024-1780
The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...