EUVD-2025-5969

Malicious code in bioql PyPI...

CVE-2024-10860 NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the submituninstallreasonaction function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers,...

CVE-2024-10663

CVE-2024-10663 concerns Eleblog – Elementor Blog And Magazine Addons for WordPress (versions up to 1.8). A missing capability check in goodbye_form_callback() enables unauthenticated? no, this requires authenticated Subscriber+ access to modify data by submitting a deactivation reason. The CVE no...

PT-2024-16439 · WordPress · Eleblog

Name of the Vulnerable Software and Affected Versions: Eleblog – Elementor Blog And Magazine Addons plugin for WordPress versions up to, and including, 1.8 Description: The issue is related to a missing capability check on the goodbye form callback function, allowing authenticated attackers with...