928 matches found
PT-2025-33541 · WordPress · Betterdocs
Name of the Vulnerable Software and Affected Versions: BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress versions up to and including 4.1.1 Description: The BetterDocs plugin for...
CVE-2025-8091
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...
CVE-2025-8091 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...
CVE-2025-8091 EventON Lite <= 2.4.6 - Authenticated (Contributor+) Information Disclosure
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...
PT-2025-33465 · WordPress · Eventon Lite
Name of the Vulnerable Software and Affected Versions: EventON Lite versions prior to 2.4.7 Description: The EventON Lite plugin for WordPress is vulnerable to Information Exposure in versions prior to 2.4.7 via the add_single_eventon and add_eventon shortcodes. Insufficient restrictions on post...
Malicious code in module-draft-js-mention-plugin (npm)
The package module-draft-js-mention-plugin was found to contain malicious code...
Malicious code in draft-js-mention-plugin-vixlet (npm)
The package draft-js-mention-plugin-vixlet was found to contain malicious code...
Malicious code in ava-ilable-down-load-mp3-today-draft-730-s4686-umrmvz (npm)
The package ava-ilable-down-load-mp3-today-draft-730-s4686-umrmvz was found to contain malicious code...
MAL-2025-18732 Malicious code in draft-js-mention-plugin-vixlet (npm)
The package draft-js-mention-plugin-vixlet was found to contain malicious code...
MAL-2025-40216 Malicious code in yandex-lint-draft (npm)
The package yandex-lint-draft was found to contain malicious code...
Malicious code in yandex-lint-draft (npm)
The package yandex-lint-draft was found to contain malicious code...
MAL-2025-26602 Malicious code in module-draft-js-mention-plugin (npm)
The package module-draft-js-mention-plugin was found to contain malicious code...
MAL-2025-18733 Malicious code in draft-js-sticker-plugin-vixlet (npm)
The package draft-js-sticker-plugin-vixlet was found to contain malicious code...
Malicious code in draft-js-sticker-plugin-vixlet (npm)
The package draft-js-sticker-plugin-vixlet was found to contain malicious code...
Malicious code in test-mlw2-tummy-draft (npm)
The package test-mlw2-tummy-draft was found to contain malicious code...
MAL-2025-36516 Malicious code in test-mlw2-tummy-draft (npm)
The package test-mlw2-tummy-draft was found to contain malicious code...
CVE-2025-8401
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'get_post_data' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive...
DEBIAN-CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...
UBUNTU-CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...
CVE-2025-54352
CVE-2025-54352 affects WordPress 3.5–6.8.2 and enables remote disclosure of private/draft post titles via pingback.ping XML-RPC requests. A PoC on GitHub demonstrates retrieving the title after sending a pingback to a crafted post. The provided sources confirm the vulnerability but do not specify...