WordPress Import Social Events plugin <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Import Social Events versions <= 1.8.5...
WordPress Cost of Goods for WooCommerce plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Cost of Goods for WooCommerce versions <= 3.7.0...
WordPress Product Notes Tab & Private Admin Notes for WooCommerce plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Product Notes Tab & Private Admin Notes for WooCommerce versions <= 3.1.0...
WordPress bunny.net plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin bunny.net versions <= 2.3.0...
WordPress Popup Box plugin < 4.7.8 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Popup box versions < 4.7.8...
WordPress Z-Downloads plugin < 1.11.6 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Minh Giang & Christopher Houk in WordPress Plugin Z-Downloads versions < 1.11.6...
WordPress JavaScript Logic plugin <= 0.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Daniel Ruf in WordPress Plugin JavaScript Logic versions <= 0.1...
WordPress Push Notification for Post and BuddyPress plugin <= 1.93 - Multiple Unauthenticated SQLi vulnerability
Multiple Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin Push Notification for Post and BuddyPress versions <= 1.93...
WordPress Connexion Logs plugin <= 3.0.2 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Régis SENET in WordPress Plugin Connexion Logs versions <= 3.0.2...
WordPress Sailthru Triggermail plugin < 1.1 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions < 1.1...
WordPress Simple Lightbox plugin < 2.9.4 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Simple Lightbox versions < 2.9.4...
WordPress Multimedia Responsive Carousel with Image Video Audio Support plugin <= 2.6.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Multimedia Responsive Carousel with Image Video Audio Support versions <= 2.6.0...
WordPress Sticky HTML5 Music Player plugin <= 3.1.6 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Sticky HTML5 Music Player versions <= 3.1.6...
WordPress Nasa Core Plugin <= 6.4.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin Nasa Core versions 6.4.4...
WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 5.0...
WordPress WooCommerce POS plugin <= 1.7.8 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Marek Mikita in WordPress Plugin WooCommerce POS versions <= 1.7.8...
WordPress Travelpayouts plugin < 1.1.14 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Travelpayouts versions < 1.1.14...
WordPress WP2LEADS plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by johska Patchstack Alliance in WordPress Plugin WP2LEADS versions <= 3.5.0...
Securing the Code: Building a Culture of Credential Protection in Dev Teams
Credential protection is key to preventing breaches. Secure APIs, rotate secrets and train devs to handle credentials safely…
MAL-2025-3948 Malicious code in developer-bridge (npm)
Source: ossf-package-analysis 13d76633d0e28457718da249adad23171e53973864ef3e53406c78ced005d3af The OpenSSF Package Analysis project identified 'developer-bridge' @ 2.0.0 (npm) as malicious. It is considered malicious because: - The package...