MAL-2026-4593 Malicious code in klaudius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...

Malicious code in klaudius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...

MAL-2026-4471 Malicious code in @zesyn/zeditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912 The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...

Malicious code in @zesyn/zeditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912 The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...

Event Calendar < 1.1.51 - Subscriber+ Event Creation

The plugin does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events Adding calendar events: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...