6 matches found
EUVD-2025-4552
Malicious code in bioql PyPI...
CVE-2024-6566
The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due to the plugin not preventing direct access to the composer-setup.php file, which also has display_errors enabled. This makes it possible for...
CVE-2024-13537
The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. This is due to the plugin containing a publicly accessible composer-setup.php file with error display enabled. This makes it possible for unauthenticated attackers to retrieve the fu...
CVE-2024-13537
CVE-2024-13537 affects the C9 Blocks WordPress plugin (≤1.7.7) and enables Full Path Disclosure through a publicly accessible composer-setup.php with error display enabled. An unauthenticated attacker can retrieve the web app’s full path, which could aid subsequent attacks. The Wordfence entry li...
CVE-2024-13535
The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.2. This is due to the composer-setup.php file being publicly accessible with 'display_errors' set to true. This makes it possible for unauthenticated attackers to retrieve...
CVE-2024-7414 PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure
The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. This is due to the plugin allowing direct access to the composer-setup.php file, which has display_errors on. This makes it possible for unauthenticated attackers to...