WordPress Sitemap by click5 <1.0.36 - Missing Authorization

WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain...

EUVD-2025-17521

Malicious code in bioql PyPI...

EUVD-2025-9450

Malicious code in bioql PyPI...

CVE-2025-47598

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS.This issue affects History Log by click5: from n/a through = 1.0.13...

CVE-2025-47598

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS.This issue affects History Log by click5: from n/a through = 1.0.13...

CVE-2025-47598 WordPress History Log by click5 plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS.This issue affects History Log by click5: from n/a through = 1.0.13...

CVE-2025-47598 WordPress History Log by click5 <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in click5 History Log by click5 allows Stored XSS. This issue affects History Log by click5: from n/a through 1.0.13...

CVE-2025-47598

CVE-2025-47598 affects WordPress plugin History Log by click5 (versions up to and including 1.0.13). The vulnerability is an Stored Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation. An attacker could inject malicious scripts that are stored and la...

WordPress plugin History Log by click5 跨站脚本漏洞

WordPress History Log by click5 is a plugin for tracking user activity and logging changes to your website. A cross-site scripting vulnerability exists in WordPress History Log by click5. The vulnerability stems from improper input neutralization and can be exploited by an attacker to execute...

PT-2025-24508 · Click5 · Click5 History Log

Name of the Vulnerable Software and Affected Versions: History Log by click5 versions 1.0.0 through 1.0.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

CVE-2025-31531

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in click5 History Log by click5 history-log-by-click5 allows SQL Injection.This issue affects History Log by click5: from n/a through = 1.0.13...

CVE-2025-31531

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in click5 History Log by click5 history-log-by-click5 allows SQL Injection.This issue affects History Log by click5: from n/a through = 1.0.13...

CVE-2025-31531

CVE-2025-31531: History Log by click5 plugin is affected by an Unauthenticated SQL Injection. Affected software/version: History Log by click5

CVE-2025-31531 WordPress History Log by click5 plugin <= 1.0.13 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in click5 History Log by click5 history-log-by-click5 allows SQL Injection.This issue affects History Log by click5: from n/a through = 1.0.13...

CVE-2025-31531 WordPress History Log by click5 plugin <= 1.0.13 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in click5 History Log by click5 history-log-by-click5 allows SQL Injection.This issue affects History Log by click5: from n/a through = 1.0.13...

WordPress plugin History Log by click5 SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

VulnCheck KEV: CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such...

CVE-2023-5082

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...

CVE-2023-5082

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...

CVE-2023-5082 History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...