CVE-2026-3499 Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce 13.4.6 - 13.5.2.1 - Cross-Site Request Forgery to Multiple Administrative Actions

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajaxmigratetocustomposttype,...

EUVD-2025-28787

Malicious code in bioql PyPI...

EUVD-2025-28784

Malicious code in bioql PyPI...

CVE-2025-7828

The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-7842

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVE-2025-7842

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVE-2025-7828

CVE-2025-7828 affects the WordPress plugin WP Filter & Combine RSS Feeds (versions up to 0.4). Root cause: missing capability check in post_listing_page(), allowing authenticated attackers with Contributor-level access and above to delete feeds (unauthorized modification of data). Public details ...

CVE-2025-7828 WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion

The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-7842

CVE-2025-7842 – Silencesoft RSS Reader (WordPress)

PT-2025-34510 · WordPress · Wp Filter & Combine Rss Feeds

Name of the Vulnerable Software and Affected Versions: WP Filter & Combine RSS Feeds plugin for WordPress versions up to and including 0.4 Description: The WP Filter & Combine RSS Feeds plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check...