14 matches found
CVE-2025-49380
The CVE-2025-49380 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin WooCommerce Vehicle Parts Finder (woo-vehicle-parts-finder) up to version 3.7, enabling PHP object injection via untrusted data. Public sources confirm the flaw affects WooCommerce Vehicle Parts...
EUVD-2014-4465
Malware in sbrugna...
EUVD-2025-23317
Malicious code in bioql PyPI...
EUVD-2023-51793
Malicious code in bioql PyPI...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Scribit Shortcodes Finder plugin = 1.5.3 versions...
WordPress Broken Link Checker | Finder Plugin <= 2.4.2 is vulnerable to Broken Access Control
Software Broken Link Checker | Finder Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46082 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID cfffdd260ad0 Credits Abdi Prana...
WordPress cysteme-finder plugin code issue vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress cysteme-finder plugin prior to version 1.4, which stems fro...
CVE-2016-10955
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...
CVE-2016-10955
The CVE-2016-10955 affects the WordPress plugin cysteme-finder (before version 1.4). The root cause is incorrect session tracking that allows unrestricted file upload, enabling an attacker to upload, view, or delete files on the server. Red Hat and CNVD entries confirm the same description, and W...
WordPress CYSTEME Finder Plugin <= 1.3 - Local File Inclusion
This plugin is prone to a local file inclusion vulnerability. Solution Update the plugin...
WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Upload
Arbitrary File Upload vulnerability was found in WordPress CYSTEME Finder Plugin 1.3. It allows remote attackers to upload aribitary files to the target server. This vulnerability exists in http://targetserver/wp-content/plugins/cysteme-finder/php/connector.php file. Solution Update CYSTEME Finde...
Cross site scripting
Cross-site scripting XSS vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter...
WordPress Malware Finder Plugin <= 1.1 - XSS
Because of this vulnerability in process.php, the attackers can inject arbitrary web script or HTML via the "query" parameter. Solution Update the plugin...
WordPress Finder Plugin - Cross Site Scripting
WordPress Finder plugin's "order" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal...