WordPress Multicollab: Content Team Collaboration and Editorial Workflow plugin <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment vulnerability
Missing Authorization to Authenticated (Subscriber+) Collaboration Comment vulnerability discovered by Jigar Bhanushali (Jigar787 - https://jigarbhanushali.com/) in WordPress Plugin Multicollab – Google Doc-Style Editorial Commenting for WordPress versions <= 5.2...
CVE-2025-63293
Product: FairSketch Rise Ultimate Project Manager & CRM 3.9.4. Vulnerability: Insecure Permissions in the ticketing/commenting API, allowing a remote authenticated user to append comments or upload attachments to tickets they should not view/edit due to missing authorization checks. Impact (per s...
EUVD-2012-0356
Malware in sbrugna...
EUVD-2010-4851
Malware in sbrugna...
EUVD-2017-9232
Malware in sbrugna...
EUVD-2019-6667
Malware in sbrugna...
EUVD-2025-20284
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-28036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. CVE-2020-28036 Note...
WordPress Muut – Commenting and Forums Re-Imagined plugin <= 3.0.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Muut – Commenting and Forums Re-Imagined versions <= 3.0.6...
PT-2024-39047 · WordPress · Special Text Boxes
Name of the Vulnerable Software and Affected Versions: The Special Text Boxes plugin for WordPress, versions up to and including 6.2.2. Description: The issue is related to arbitrary shortcode execution. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode');, which run...
CVE-2024-35539
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently...
CVE-2024-35539
CVE-2024-35539 concerns Typecho v1.3.0, where a race condition in the post commenting function lets an attacker post multiple comments before spam-protection checks if made rapidly. Affected component: post commenting feature in Typecho 1.3.0. Reported impact per sources includes potential bypass...
CVE-2024-4886 BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR
The BuddyBoss Platform plugin contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request...
CVE-2024-25983
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page)...
Sekiryu - Comprehensive Toolkit For Ghidra Headless
This Ghidra Toolkit is a comprehensive suite of tools designed to streamline and automate various tasks associated with running Ghidra in Headless mode. This toolkit provides a wide range of scripts that can be executed both inside and alongside Ghidra, enabling users to perform tasks such as...
Threat Actors Using Obfuscation in Attempt to Evade Detection
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...
WordPress Multicollab – Google Doc-Style Editorial Commenting for WordPress Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Multicollab – Google Doc-Style Editorial Commenting for WordPress; Type: Plugin; Vulnerable versions: <= 3.1; Fixed in: 3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 946cd7dfe9f...
Code injection
Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time ...