26 matches found
CVE-2026-2023
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...
CVE-2026-2023
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...
CVE-2026-2023
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...
CVE-2026-2023
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...
CVE-2026-2023
CVE-2026-2023: WP Plugin Info Card for WordPress was affected by a CSRF vulnerability up to version 6.2.0 due to missing nonce validation in ajax_save_custom_plugin(), allowing unauthenticated attackers to forge requests that create or modify custom plugin entries if a site admin is enticed to pe...
CVE-2026-2023 WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...
CVE-2026-2023 WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...
PT-2026-20297
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax save custom plugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible f...
WordPress WP Plugin Info Card plugin <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability
Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability discovered by Duong Quang Hao in WordPress Plugin WP Plugin Info Card versions = 6.2.0...
CVE-2025-61649
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...
EUVD-2025-206641
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...
CVE-2025-61649 UserInfoCard: Check that performing user has permission to view log entries for number of past blocks
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...
CVE-2025-61650
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from before...
EUVD-2025-206642
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from before...
CVE-2025-61647
Technical details about CVE-2025-61647 are not publicly provided in the supplied documents. Monitor for updates from the referenced sources; current entries reiterate the vulnerability but do not disclose affected products, versions, or remediation steps.
EUVD-2025-9208
Malicious code in bioql PyPI...
WordPress WP Info Card plugin cross-site scripting vulnerability
WordPress WP Info Card plugin is a plugin for displaying plugin and theme information in your WordPress website. The WordPress WP Info Card plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping, which can be exploited by an attacke...
CVE-2025-5116
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5116 WP Plugin Info Card <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin WP Plugin Info Card 跨站脚本漏洞
WordPress WP Info Card plugin is a plugin for displaying plugin and theme information in your WordPress website. The WordPress WP Info Card plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping, which can be exploited by an attacke...