CVE-2025-1282

The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletepostphoto and addcar functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers,...

CVE-2024-2667

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...

EUVD-2025-10393

Malicious code in bioql PyPI...

EUVD-2025-19678

Malicious code in bioql PyPI...

EUVD-2025-9114

Malicious code in bioql PyPI...

EUVD-2024-54050

Malicious code in bioql PyPI...

EUVD-2025-5116

Malicious code in bioql PyPI...

EUVD-2025-1626

Malicious code in bioql PyPI...

EUVD-2025-21584

Malicious code in bioql PyPI...

EUVD-2023-58466

Malicious code in bioql PyPI...

EUVD-2025-22296

Malicious code in bioql PyPI...

EUVD-2023-59124

Malicious code in bioql PyPI...

EUVD-2023-59037

Malicious code in bioql PyPI...

EUVD-2023-58105

Malicious code in bioql PyPI...

CVE-2025-8213 NinjaScanner – Virus & Malware scan <= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion

The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscanajaxquarantine' and 'nscanquarantineselect' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated...

CVE-2025-7645

The Extensions For CF7 Contact form 7 Database, Conditional Fields and Redirection plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for...

CVE-2025-7645

The CVE-2025-7645 issue affects the WordPress plugin Extensions For CF7 (Extensions For CF7: Contact Form 7 Database, Conditional Fields and Redirection). The root cause is insufficient file path validation in the delete-file field, allowing unauthenticated attackers to delete arbitrary files on ...

CVE-2025-7645 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion

The Extensions For CF7 Contact form 7 Database, Conditional Fields and Redirection plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for...

CVE-2025-7712

The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpmangadeletezip function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, whic...

CVE-2025-7438

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'installandactivateplugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access an...