WordPress Code Snippets plugin <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains vulnerability

Authenticated Contributor+ PHP Code Injection via extract and PHP Filter Chains vulnerability discovered by mikemyers in WordPress Plugin Code Snippets versions = 3.9.1...

EUVD-2021-11920

Malware in sbrugna...

EUVD-2020-24200

Malware in sbrugna...

advisories

It is an advisory repository for undisclosed vulnerabilities. Th...

EUVD-2025-3413

Malicious code in bioql PyPI...

EUVD-2023-41376

Malicious code in bioql PyPI...

EUVD-2023-51765

Malicious code in bioql PyPI...

EUVD-2025-3485

Malicious code in bioql PyPI...

EUVD-2022-30277

Malicious code in bioql PyPI...

EUVD-2023-27732

Malicious code in bioql PyPI...

EUVD-2024-34127

Malicious code in bioql PyPI...

EUVD-2022-33773

Malicious code in bioql PyPI...

CVE-2025-23864

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Luke America WCS QR Code Generator wcs-qr-code-generator allows Stored XSS.This issue affects WCS QR Code Generator: from n/a through = 1.0...

CVE-2024-7420

The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactiva...

CVE-2024-11464

The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2023-47666

Cross-Site Request Forgery CSRF vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0...

CVE-2023-23650

Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in MainWP MainWP Code Snippets Extension plugin = 4.0.2 versions...

CVE-2023-23645

Improper Control of Generation of Code 'Code Injection' vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2...

CVE-2021-25008

The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...

Automatically Generating Rules of Malicious Software Packages Via Large Language Model

Today's security tools predominantly rely on predefined rules crafted by experts, making them poorly adapted to the emergence of software supply chain attacks. To tackle this limitation, we propose a novel tool, RuleLLM, which leverages large language models LLMs to automate rule generation for O...