WordPress Bridge Core plugin <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Bridge Core versions = 3.2.0...

EUVD-2023-44920

Malicious code in bioql PyPI...

EUVD-2025-9065

Malicious code in bioql PyPI...

EUVD-2025-3934

Malicious code in bioql PyPI...

Malicious code in app-bridge-core (npm)

The package app-bridge-core was found to contain malicious code...

MAL-2025-14660 Malicious code in app-bridge-core (npm)

The package app-bridge-core was found to contain malicious code...

CVE-2025-24744

Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3...

CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

CVE-2024-9292

The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2025-31409

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a...

CVE-2025-31409

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a...

CVE-2025-31409 WordPress Bridge Core plugin < 3.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a...

CVE-2025-31409

CVE-2025-31409 concerns Bridge Core, where improper neutralization of input during web page generation enables a Stored XSS. Public data show affected software: Bridge Core (before 3.3.1), with patch applied in version 3.3.1. The CVSS-like metrics report vectors such as AV:N/AC:L/PR:L/UI:R/S:C/C:...

CVE-2025-31409 WordPress Bridge Core plugin < 3.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a...

WordPress plugin Bridge Core 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

PT-2025-14079 · Unknown · Notfound Bridge Core

Name of the Vulnerable Software and Affected Versions: NotFound Bridge Core affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...

VulnCheck KEV: CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

CVE-2025-24744

Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3...

CVE-2025-24744

CVE-2025-24744 corresponds to a Missing Authorization (Broken Access) vulnerability in WordPress Bridge Core. The CVE note and Red Hat/Wordfence-related entries consistently describe it as affecting Bridge Core versions up to 3.3. The connected sources confirm the issue is a Missing Authorization...

CVE-2025-24744 WordPress Bridge Core plugin <= 3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3...