
14 matches found

Nuclei
added 2 days ago, 6 views

News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion

The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution vulnerability caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files. Exploitation requires an AJAX request with crafted POST data. id: CVE-2023-5815...

CVSS: 9.8 | AI score: 8 | EPSS: 0.49165
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-9478

Malicious code in bioql PyPI...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.01522
Exploits: 0 | References: 2

RedhatCVE
added 2025/04/03 9:39 p.m., 7 views

CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion. This issue affects News & Blog Designer Pack: from n/a through = 4.0...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.01522
Exploits: 0 | References: 1

NVD
added 2025/04/01 9:15 p.m., 12 views

CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion. This issue affects News & Blog Designer Pack: from n/a through = 4.0...

CVSS: 8.1 | EPSS: 0.01522
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/04/01 12:0 a.m., 1 views

VulnCheck KEV: CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion. This issue affects News & Blog Designer Pack: from n/a through = 4.0...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.01522
Exploits: 0 | References: 1

OSV
added 2023/11/22 4:15 p.m., 1 views

CVE-2023-5815

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.49165
Exploits: 0 | References: 4

CVE
added 2023/11/22 3:33 p.m., 140 views

CVE-2023-5815

The News & Blog Designer Pack WordPress plugin (

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.49165
In wild | Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2023/11/22 12:0 a.m., 2 views

WordPress Plugin News & Blog Designer Pack Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS: 9.8 | AI score: 9 | EPSS: 0.49165
Exploits: 0 | References: 5

OSV
added 2023/01/30 9:15 p.m., 1 views

CVE-2022-4792

The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00442
Exploits: 2 | References: 1

Cvelist
added 2023/01/30 8:31 p.m., 14 views

CVE-2022-4792 News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

AI score: 5.5 | EPSS: 0.00442
Exploits: 2 | References: 1

CVE
added 2023/01/30 8:31 p.m., 60 views

CVE-2022-4792

CVE-2022-4792 affects the WordPress plugin “News & Blog Designer Pack” (pre-3.3). The flaw is improper validation/escaping of a shortcode attribute, enabling a user with at least contributor privileges to perform a Stored XSS attack. Impact is limited to data/JS execution via the vulnerable short...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00442
Exploits: 2 | References: 1 | Affected Software: 1

CNNVD
added 2023/01/30 12:0 a.m., 1 views

WordPress plugin News & Blog Designer Pack Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00442
Exploits: 2 | References: 2

wpexploit
added 2023/01/06 12:0 a.m., 104 views

News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Exploit shortcode: bdpmasonry grid='1" onmouseover="alert1" style="background:red;"'...

CVSS: 5.4 | AI score: 1.7 | EPSS: 0.00442
Exploits: 2

Patchstack
added 2022/02/28 12:0 a.m., 11 views

WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin < 2.3.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin versions 2.3.1. Solution: Update the WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin to the latest available version (at least 2.3.1)...

AI score: 2.3
Exploits: 0 | References: 2 | Affected Software: 1