EUVD-2024-33433

The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtraimportxml function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVE-2026-25422

Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through = 1.2.10...

CVE-2025-13091 Shopire <= 1.0.57 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install

The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopireadmininstallplugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2025-13091 Shopire <= 1.0.57 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install

The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopireadmininstallplugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

PT-2026-20597

The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire admin install plugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

CVE-2019-16250

includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets CSS token sequence...

CVE-2025-64225

CVE-2025-64225 concerns the WordPress plugin Stockie Extra (

WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Envo Extra versions = 1.9.11...

CVE-2025-64365 WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through = 3.6.0...

WordPress Plugin Ohio Extra 跨站脚本漏洞

WordPress Ohio Extra plugin is a free WordPress plugin designed specifically for the OceanWP theme to enhance the theme functionality and improve the site building experience. WordPress Ohio Extra plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVE-2025-62971 WordPress Attesa Extra plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through = 1.4.7...

CVE-2025-62971

CVE-2025-62971 is a stored XSS vulnerability affecting CrestaProject Attesa Extra WordPress plugin (Attesa Extra) versions up to and including 1.4.5. Connected sources corroborate the flaw and specify stored XSS in input handling during web page generation, impacting Attesa Extra versions n/a thr...

EUVD-2020-24201

Malware in sbrugna...

EUVD-2019-7056

Malware in sbrugna...

EUVD-2021-12016

Malware in sbrugna...

EUVD-2021-12022

Malware in sbrugna...

EUVD-2023-27974

Malicious code in bioql PyPI...

EUVD-2025-24542

Malicious code in bioql PyPI...

EUVD-2023-12767

Malicious code in bioql PyPI...

EUVD-2024-33246

Malicious code in bioql PyPI...