7437 matches found
Secure Coding with AI, from Creation to Inspection
While prior studies have explored security in code generated by ChatGPT and other Large Language Models, they were conducted in controlled experimental settings and did not use code generated or provided from actual developer interactions. This paper not only examines the security of code generat...
WordPress AI Autotagger plugin < 3.30.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin TaxoPress versions < 3.30.0...
WordPress Kleo Theme < 5.4.4 is vulnerable to Broken Access Control
Software Kleo Type Theme Vulnerable versions < 5.4.4 Fixed in 5.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39367 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 7bef03870816 Credits Ananda Dhakal Patchstack Required privilege...
Portability and Developer Control: 5 Key Takeaways from NAB 2025
WordPress Mailing Group Listserv plugin <= 3.0.4 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by timomangcut in WordPress Plugin Mailing Group Listserv versions <= 3.0.4...
WordPress Advanced Accordion Gutenberg Block plugin <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Advanced Accordion Gutenberg Block versions <= 5.0.2...
WordPress Lottie Player plugin <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Lottie Player block - Implement Lottie animations. versions <= 1.1.8...
Evaluating Argon2 Adoption and Effectiveness in Real-World Software
Modern password hashing remains a critical defense against credential cracking, yet the transition from theoretically secure algorithms to robust real-world implementations remains fraught with challenges. This paper presents a dual analysis of Argon2, the Password Hashing Competition winner,...
BusyBox Security Vulnerability
BusyBox is a suite of applications containing several Linux commands and tools by Denis Vlasenko, a Ukrainian individual developer. A security vulnerability exists in BusyBox 1.37.0 and earlier versions, which originates from the fact that tar can hide filenames via terminal escape sequences...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...
WordPress Control Listings plugin <= 1.0.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Aiden Thái An in WordPress Plugin Control Listings versions <= 1.0.4.1...
WordPress Frontend Dashboard plugin <= 2.2.5 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Frontend Dashboard versions <= 2.2.5...
WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid Yusuf in WordPress Plugin GutenKit versions <= 2.2.2...
WordPress Simple Download Counter plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Simple Download Counter versions <= 2.2...
WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by astra.r3verii in WordPress Plugin Event post versions <= 5.9.11...
WordPress MPL-Publisher plugin <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin MPL-Publisher versions <= 2.18.0...
WordPress Post in page for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Post in page for Elementor versions <= 1.0.1...
WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Car Park Booking System for WordPress versions <= 2.6...
WordPress JNews Theme <= 11.6.5 is vulnerable to Broken Access Control
Software JNews Type Theme Vulnerable versions <= 11.6.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39373 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 775c2569b9cb Credits Ananda Dhakal Patchstack Required privilege...