5 matches found
CVE-2025-13997
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
GHSA-GPPG-GQW8-WH9G litellm vulnerable to remote code execution based on using eval unsafely
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the add_deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...
PT-2024-37119 · Google · Google Kms
Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version v1.35.8 Description: The issue allows an attacker to achieve remote code execution. It exists in the add deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ...
PT-2024-33256 · Google · Google Kms
Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.6 Description: A code injection issue exists due to the use of unvalidated input in the eval function within the secret management system. This issue requires a valid Google KMS configuration file to be exploitabl...
CVE-2022-1772
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...