CVE-2024-2116

The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak...

EUVD-2025-8349

Malicious code in bioql PyPI...

EUVD-2025-10635

Malicious code in bioql PyPI...

What Really Happened in the Aftermath of the Lizard Squad Hacks

On Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years...

CVE-2025-31401

Cross-Site Request Forgery CSRF vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through = 1.0.0...

CVE-2025-31401

Cross-Site Request Forgery CSRF vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through = 1.0.0...

CVE-2025-31401

CVE-2025-31401: MMX – Make Me Christmas plugin contains a CSRF to Stored XSS vulnerability affecting versions up to 1.0.0. The CVE’s base metrics show CVSS 3.1 with a base score of 7.1 (HIGH); attacker vector is NETWORK, with LOW confidentiality/integrity/availability impacts and user interaction...

CVE-2025-31401 WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through = 1.0.0...

CVE-2025-31401 WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through = 1.0.0...

PT-2025-15752 · Unknown · Mmx – Make Me Christmas

Name of the Vulnerable Software and Affected Versions: MMX – Make Me Christmas versions 1.0.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

WordPress plugin MMX – Make Me Christmas 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

CVE-2025-30842

Cross-Site Request Forgery CSRF vulnerability in pixolette Christmas Panda christmas-panda allows Cross Site Request Forgery.This issue affects Christmas Panda: from n/a through = 1.0.4...

CVE-2025-30842

Cross-Site Request Forgery CSRF vulnerability in pixolette Christmas Panda christmas-panda allows Cross Site Request Forgery.This issue affects Christmas Panda: from n/a through = 1.0.4...

WordPress Christmas Panda plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Christmas Panda versions = 1.0.4...

CVE-2025-30842 WordPress Christmas Panda plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in pixolette Christmas Panda christmas-panda allows Cross Site Request Forgery.This issue affects Christmas Panda: from n/a through = 1.0.4...

CVE-2025-30842 WordPress Christmas Panda plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in pixolette Christmas Panda christmas-panda allows Cross Site Request Forgery.This issue affects Christmas Panda: from n/a through = 1.0.4...

CVE-2025-30842

CVE-2025-30842 is a CSRF vulnerability in the Christmas Panda WordPress plugin, affecting Christmas Panda versions up to 1.0.4. Connected docs indicate the issue has a patched status (retired/mitigated in later releases); details on exploit vectors or fixes beyond this patch status are not provid...

WordPress plugin pixolette Christmas Panda 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

MAL-2024-12234 Malicious code in christmasmiraclemaker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 64f06a86dd5b916af92fc3adf5c1e5638df9eaa156a1bc122e4e647f2aae236e Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...