39 matches found
CVE-2022-27214
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
EUVD-2024-34010
Malicious code in bioql (PyPI)...
CVE-2024-8656
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2024-11093
The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web...
CVE-2022-27215
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-39377 WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper appsero-helper allows SQL Injection. This issue affects Appsero Helper: from n/a through <= 1.3.4...
Malicious code in helper-plugin-utils (npm)
Source: ghsa-malware (637e6aa11d35ac301a88fea209827ad1ebfe949fe5c2db4ffd66509975d13ef6). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3256 Malicious code in helper-plugin-utils (npm)
Source: ghsa-malware (637e6aa11d35ac301a88fea209827ad1ebfe949fe5c2db4ffd66509975d13ef6). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-13436
The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2024-13436
CVE-2024-13436 concerns the WordPress plugin Appsero Helper. The connected documents confirm a Cross-Site Request Forgery (CSRF) vulnerability present in all versions up to and including 1.3.2, caused by missing or incorrect nonce validation on the appsero_helper page. This lets unauthenticated a...
CVE-2025-23866
CVE-2025-23866 is a reflected Cross-site Scripting (XSS) vulnerability in EU DSGVO Helper (NotFound EU DSGVO Helper). Both the Initial CVE entry and the Red Hat advisory repeat the description and note the affected range as “from n/a through 1.0.6.1” for EU DSGVO Helper. The CVSS score is provide...
WordPress plugin WP Accessibility Helper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-11093
CVE-2024-11093 concerns the WordPress plugin SG Helper (versions ≤ 1.0). The vulnerability is a Stored Cross‑Site Scripting via SVG file uploads, caused by insufficient input sanitization and output escaping. It requires authenticated access at Administrator level or higher, and can let the attac...
WordPress plugin Conversion Helper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-8656
The WPFactory Helper plugin for WordPress is affected by CVE-2024-8656: Reflected Cross‑Site Scripting in all versions up to and including 1.7.0 due to insufficient escaping in add_query_arg. This allows unauthenticated attackers to inject scripts in pages triggered by user actions. Patch: update...
WordPress plugin WP Accessibility Helper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2023-36689
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions...