CVE-2026-8118

The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...

CVE-2016-20076 WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

CVE-2020-37116

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

EUVD-2025-5096

Malicious code in bioql PyPI...

EUVD-2022-4972

Malicious code in bioql PyPI...

CVE-2025-1730 Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read

The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simpledownloadcounterdownloadhandler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data includi...

PT-2025-7215 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A Path Traversal issue was discovered in the WeGIA application, affecting the exportar dump.php endpoint. This could allow an attacker to gain unauthorized access to sensitive information stored in...