89 matches found

Patchstack
added 3 days ago | 6 views

WordPress BirdSeed plugin <= 2.2.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BirdSeed versions <= 2.2.0...

CVSS 4.3 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/04/16 10:5 a.m. | 4 views

WordPress WP Docs plugin <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Docs versions <= 2.2.9...

CVSS 6.4 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/03/30 9:7 p.m. | 2 views

WordPress Debugger & Troubleshooter plugin <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability

Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Debugger & Troubleshooter versions <= 1.3.2...

CVSS 8.8 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/03/23 7:10 p.m. | 3 views

WordPress Quentn WP plugin <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability

Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Quentn WP versions <= 1.2.12...

CVSS 7.5 | AI score 5.9 | EPSS 0.00102
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/03/03 7:38 a.m. | 3 views

WordPress All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin <= 2.2.5 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login versions <= 2.2.5...

CVSS 9.8 | AI score 5.9 | EPSS 0.00447
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/02/23 7:43 a.m. | 5 views

WordPress xmlrpc attacks blocker plugin <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin xmlrpc attacks blocker versions <= 1.0...

CVSS 6.1 | AI score 5.3 | EPSS 0.00126
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/02/23 6:48 a.m. | 3 views

WordPress Easy Author Image plugin <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Author Image versions <= 1.7...

CVSS 6.4 | AI score 5.3 | EPSS 0.00043
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/02/11 7:45 a.m. | 3 views

WordPress Twitter posts to Blog plugin <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Twitter posts to Blog versions <= 1.11.25...

CVSS 6.5 | AI score 5.5 | EPSS 0.00042
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/01/28 1:40 a.m. | 5 views

WordPress Simple calendar for Elementor plugin <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Simple calendar for Elementor versions <= 1.6.6...

CVSS 5.3 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/01/28 1:32 a.m. | 5 views

WordPress Easy Replace Image plugin <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement vulnerability

Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Replace Image versions <= 3.5.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00015
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/11/26 11:44 p.m. | 5 views

WordPress Reuters Direct plugin <= 3.0.0 - Cross-Site Request Forgery to Settings Reset vulnerability

Cross-Site Request Forgery to Settings Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Reuters Direct versions <= 3.0.0...

CVSS 4.3 | AI score 7 | EPSS 0.00013
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/11/05 1:18 a.m. | 3 views

WordPress Features plugin <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset vulnerability

Missing Authorization to Authenticated (Subscriber+) Option Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Module Features versions <= 0.0.2...

CVSS 4.3 | AI score 7 | EPSS 0.00038
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/11/04 4:47 a.m. | 3 views

WordPress WP Global Screen Options plugin <= 0.2 - Cross-Site Request Forgery to Screen Options Update vulnerability

Cross-Site Request Forgery to Screen Options Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Global Screen Options versions <= 0.2...

CVSS 4.3 | AI score 7 | EPSS 0.00014
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2025/10/22 3:31 p.m. | 1 view

EUVD-2025-35560

Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files. This issue affects Clanora: from n/a through 1.3.1...

CVSS 6.5 | AI score 6.5 | EPSS 0.00102
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-21747

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 6.6 | EPSS 0.26959
Exploits 0 | References 3

RedhatCVE
added 2025/07/18 9:59 p.m. | 2 views

CVE-2025-34124

A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buff...

CVSS 8.4 | AI score 8.2 | EPSS 0.26959
Exploits 0 | References 1

NVD
added 2025/07/16 10:15 p.m. | 3 views

CVE-2025-34124

A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buff...

CVSS 8.4 | EPSS 0.26959
Exploits 0 | References 3

Cvelist
added 2025/07/16 9:8 p.m. | 6 views

CVE-2025-34124 Heroes of Might and Magic III .h3m Map File Buffer Overflow

A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buff...

CVSS 8.4 | EPSS 0.26959
Exploits 0 | References 3

Vulnrichment
added 2025/07/16 9:8 p.m. | 2 views

CVE-2025-34124 Heroes of Might and Magic III .h3m Map File Buffer Overflow

A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buff...

CVSS 8.4 | AI score 8.1 | EPSS 0.26959
Exploits 0 | References 3

CVE
added 2025/07/16 9:8 p.m. | 11 views

CVE-2025-34124

CVE-2025-34124 affects Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0. Description: a buffer overflow during in-game map loading is triggered by crafted .h3m map files through object sprite name parsing, potentially enabling arbitrary code execution. Exploi...

CVSS 8.4 | AI score 7.6 | EPSS 0.26959
Exploits 0 | References 3