85 matches found

OSV
added 2026/04/04 6:12 a.m., 1 view

GHSA-MVV8-V4JJ-G47J Directus: Sensitive fields exposed in revision history

Summary: Directus stores revision records in directus_revisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields including user tokens, two-factor authentication secrets, external auth...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00032
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 9:25 a.m., 7 views

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 4.8 | AI score: 5.7 | EPSS: 0.00171
Exploits: 0 | References: 1

EUVD
added 2025/12/20 6:30 a.m., 1 view

EUVD-2025-204629

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcal_ajax_handler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

CVSS: 5.3 | AI score: 4.9 | EPSS: 0.00065
Exploits: 0 | References: 3

Cvelist
added 2025/12/20 3:20 a.m., 16 views

CVE-2025-12898 Pretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcal_ajax_handler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

CVSS: 5.3 | EPSS: 0.00065
Exploits: 0 | References: 3

CVE
added 2025/12/20 3:20 a.m., 9 views

CVE-2025-12898

CVE-2025-12898 is a published vulnerability affecting the Pretty Google Calendar plugin for WordPress. The connected Wordfence report confirms a missing capability check in pgcal_ajax_handler() that allowed unauthenticated access and enabled retrieval of the plugin’s Google API key from settings ...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00065
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/20 12:0 a.m., 1 view

PT-2025-52535

Name of the Vulnerable Software and Affected Versions: Pretty Google Calendar plugin for WordPress versions prior to 2.0.1 Description: The Pretty Google Calendar plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the pgcal ajax handler...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00065
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-13380

Malware in sbrugna...

CVSS: 8.6 | AI score: 8.8 | EPSS: 0.00222
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2005-3864

Malware in sbrugna...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00745
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2023-58989

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.02631
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 2:5 a.m., 6 views

CVE-2023-6777

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.02631
Exploits: 0 | References: 1

CNVD
added 2025/03/19 12:0 a.m., 8 views

WordPress WP JobHunt plugin wp_ajax_google_api_login_callback function authentication error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP JobHunt...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00089
Exploits: 0 | References: 1

CNNVD
added 2025/03/14 12:0 a.m., 2 views

WordPress plugin WP JobHunt security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP JobHunt...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00089
Exploits: 0 | References: 4

GitHub Security Blog
added 2024/10/24 6:30 p.m., 9 views

OpenRefine leaks Google API credentials in releases

Impact: OpenRefine releases contain Google API authentication keys "client id" and "client secret" which can be extracted from released artifacts. For instance, download the package for OpenRefine 3.8.2 on linux. It contains the file...

AI score: 7.2
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/10/24 6:30 p.m., 6 views

GHSA-3PG4-QWC8-426R OpenRefine leaks Google API credentials in releases

Impact: OpenRefine releases contain Google API authentication keys "client id" and "client secret" which can be extracted from released artifacts. For instance, download the package for OpenRefine 3.8.2 on linux. It contains the file...

AI score: 7.2
Exploits: 0 | References: 3

Cvelist
added 2024/07/20 6:43 a.m., 21 views

CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS: 5.3 | EPSS: 0.00145
Exploits: 0 | References: 2

Vulnrichment
added 2024/07/20 6:43 a.m., 10 views

CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00145
Exploits: 0 | References: 2

Positive Technologies
added 2024/07/20 12:0 a.m., 2 views

PT-2024-37663 · WordPress · Getwid

Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the get google api key function. This makes it possible...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00145
Exploits: 0 | References: 7

Patchstack
added 2024/07/15 2:25 a.m., 3 views

WordPress Smart Image Gallery plugin < 1.0.19 - Update/Delete Google API Key via CSRF vulnerability

Update/Delete Google API Key via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Smart Image Gallery versions 1.0.19...

CVSS: 6.8 | AI score: 7 | EPSS: 0.00163
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/07/13 6:0 a.m., 13 views

CVE-2024-3632 Smart Image Gallery < 1.0.19 - Update/Delete Google API Key via CSRF

The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

AI score: 6.8 | EPSS: 0.00163
Exploits: 1 | References: 1

NVD
added 2024/04/09 7:15 p.m., 9 views

CVE-2023-6777

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.02631
Exploits: 0 | References: 2