21 matches found
PT-2025-43764
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coupon Affiliates: from n/a through <= 7.0.3...
EUVD-2025-28549
Malicious code in bioql PyPI...
CVE-2025-59567
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through <= 6.8.0...
CVE-2025-54025
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through <= 6.4.0...
CVE-2024-21703
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4, allows an authenticated attacker of the Windows host to read sensitiv...
CVE-2024-29125
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage. This issue affects Coupon Affiliates: from n/a through <= 5.12.7...
CVE-2024-29125
CVE-2024-29125 is a Reflected XSS in the WooCommerce Coupon Affiliates plugin (Coupon Affiliates) for WordPress. Affected: Coupon Affiliates up to version 5.12.7. Root cause: Improper neutralization of input during web page generation. Impact: Reflected cross-site scripting possible in pages usin...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Broken Access Control
Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47647; Patch priority: Low; CVSS severity: Low 4.3; PSID: 662abc807ad6; Credits: Elliot; Required privilege: Subscriber...
WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
Software: Video Player; Type: Plugin; Vulnerable versions: <= 1.5.22; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45632; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e6d8799fdd9f; Credits: Elliot; Required...
WordPress Inactive Logout Plugin <= 3.2.2 is vulnerable to Broken Access Control
Software: Inactive Logout; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-44142; Patch priority: Low; CVSS severity: Low 5.4; PSID: 006870242fb0; Credits: Elliot; Required privilege...
WordPress POEditor Plugin <= 0.9.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: POEditor; Type: Plugin; Vulnerable versions: <= 0.9.4; Fixed in: 0.9.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-32091; Patch priority: Low; CVSS severity: Low 5.4; PSID: 93cce2a104f7; Credits: Elliot; Required privilege...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions...
CVE-2023-30475
CVE-2023-30475: Unauthenticated reflected XSS in the WordPress plugin “Coupon Affiliates – WooCommerce Affiliate Plugin” (Coupon Affiliates) up to version 5.4.5. Public sources identify the vulnerability as a reflected cross-site scripting issue triggered via the page parameter, with the exploit...
CVE-2023-28992
CVE-2023-28992 is an unauthenticated reflected XSS in the Coupon Affiliates – WooCommerce Affiliate Plugin (RelyWP) up to version 5.4.3. Root cause: untrusted input echoed back without proper sanitization. Impact described as Cross-Site Scripting with potential script execution in affected pages....
CVE-2023-28992 WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions...
Design/Logic Flaw
The advanced-custom-fields aka Elliot Condon Advanced Custom Fields plugin before 5.7.8 for WordPress has XSS by authors...
CVE-2018-20986
The advanced-custom-fields aka Elliot Condon Advanced Custom Fields plugin before 5.7.8 for WordPress has XSS by authors...
iNSYNQ Ransom Attack Began With Phishing Email
A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around...