55 matches found
CVE-2026-4280
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...
WordPress Breaking News WP plugin <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read vulnerability
Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read vulnerability discovered by t0ann9uy3n in WordPress Plugin Breaking News WP versions <= 1.3...
EUVD-2026-24688
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...
CVE-2026-4280
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...
CVE-2026-4280 Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...
CVE-2026-4280
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...
CVE-2026-4280
CVE-2026-4280 affects Breaking News WP for WordPress (versions up to 1.3). The brnwp_ajax_form endpoint lacks authorization checks and CSRF verification, and the brnwp_show_breaking_news_wp() shortcode handler directly passes brnwp_theme to include(), enabling Local File Inclusion via directory t...
PT-2026-34300
Name of the Vulnerable Software and Affected Versions: Breaking News WP versions prior to 1.4 Description: The Breaking News WP plugin for WordPress contains a Local File Inclusion issue. The 'brnwp_ajax_form' AJAX endpoint lacks authorization checks and CSRF verification. Additionally, there is...
EUVD-2025-4027
Malicious code in bioql PyPI...
EUVD-2025-9269
Malicious code in bioql PyPI...
EUVD-2025-9265
Malicious code in bioql PyPI...
CVE-2025-58217
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS. This issue affects Instant Breaking News: from n/a through <= 1.0...
WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Instant Breaking News versions <= 1.0...
CVE-2025-58217 WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS. This issue affects Instant Breaking News: from n/a through <= 1.0...
CVE-2025-58217
CVE-2025-58217 affects WordPress plugin Instant Breaking News: CSRF vulnerability that enables stored XSS. Impact per documents: requires user interaction; affected versions from n/a through 1.0. Exploitation status not provided; remediation: patch applied (Patched) per Wordfence listing. If usin...
CVE-2025-58217 WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS. This issue affects Instant Breaking News: from n/a through <= 1.0...
PT-2025-34926 · Unknown · Geronikolov Instant Breaking News
Name of the Vulnerable Software and Affected Versions: GeroNikolov Instant Breaking News versions n/a through 1.0 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in GeroNikolov Instant Breaking News, which also allows Stored Cross-Site Scripting (XSS). Recommendations: At the...
WordPress plugin Instant Breaking News Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site request forgery vulnerability...
CVE-2024-8056
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-31750
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in doit Breaking News WP breaking-news-wp allows Stored XSS. This issue affects Breaking News WP: from n/a through <= 1.3...