51 matches found
CVE-2025-13727
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2024-2344
The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
EUVD-2024-33799
Malicious code in bioql PyPI...
EUVD-2025-5883
Malicious code in bioql PyPI...
EUVD-2024-44445
Malicious code in bioql PyPI...
EUVD-2024-33592
Malicious code in bioql PyPI...
PT-2025-39485
Name of the Vulnerable Software and Affected Versions: ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution versions prior to 4.8.4. Description: The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is susceptible to unauthorized access. This is due to ...
CVE-2025-4964
CVE-2025-4964 applies to WP Online Users Stats for WordPress, with a time-based SQL Injection via the table_name parameter in all versions up to 1.0.0. The root cause is insufficient escaping and lack of proper preparation in the existing SQL query, enabling authenticated attackers with Editor-le...
CVE-2024-7489
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-10672
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...
CVE-2023-1019
The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
CVE-2024-13890
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...
CVE-2024-13890
CVE-2024-13890 affects the WordPress plugin Allow PHP Execute (
CVE-2024-13890 Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...
CVE-2024-13833
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
CVE-2024-13833 Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
CVE-2024-13833
CVE-2024-13833: Album Gallery – WordPress Gallery plugin vulnerable to authenticated PHP Object Injection via gallery meta in all versions
CVE-2024-7560
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
CVE-2024-7351
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...