302 matches found
WordPress Hummingbird <= 3.18.0 - Sensitive Information Exposure via Log File
Hummingbird Performance WordPress plugin = 3.18.0 contains a sensitive information exposure caused by improper handling in the 'request' function, letting unauthenticated attackers extract sensitive data including Cloudflare API credentials, exploit requires no authentication. id: CVE-2025-14437...
VulnCheck KEV: CVE-2025-14437
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...
CVE-2022-0994
The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2025-14437
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...
WordPress Hummingbird plugin <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File vulnerability
Unauthenticated Sensitive Information Exposure via Log File vulnerability discovered by ISMAILSHADOW in WordPress Plugin Hummingbird versions = 3.18.0...
CVE-2025-14437
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...
EUVD-2025-204263
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...
CVE-2025-14437 Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...
CVE-2025-14437 Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...
CVE-2025-14437
The vulnerability CVE-2025-14437 affects the Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals plugin for WordPress. It enables unauthenticated access to sensitive data via the plugin’s request function, including Cloudflare API credentials, across all versions up to a...
WordPress plugin Hummingbird Performance 日志信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A log information...
PT-2025-52217
Name of the Vulnerable Software and Affected Versions Hummingbird Performance plugin for WordPress versions prior to 3.18.1 Description The Hummingbird Performance plugin for WordPress is susceptible to exposure of sensitive information. This affects unauthenticated attackers who can extract data...
EUVD-2025-120022
Malicious code in flexiblehummingbirdsapphire-15 npm...
EUVD-2025-116945
Malicious code in solarhummingbirdz3n npm...
Malicious code in top-violet-hummingbird (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fd53c2848fef043ca2d5b3a699f4531aca207ef73b1399946a2767852733b5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139081 Malicious code in top-violet-hummingbird (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fd53c2848fef043ca2d5b3a699f4531aca207ef73b1399946a2767852733b5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117021
Malicious code in top-violet-hummingbird npm...
Malicious code in heavy_hummingbird_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbc3c1bde2961b0ea24d24715dd7c70738d7d1860c153f2fa9e99d912a448db5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-135778 Malicious code in nervous_hummingbird_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e05b2713e1aeba6cb7bbd7b015e829723a2dfabf4ca1515c5a09411351cc294 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-101261
Malicious code in uncomfortablehummingbirdz3n npm...