104 matches found
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
WordPress Koko Analytics plugin <= 2.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Hector Ruiz Ruiz in WordPress Plugin Koko Analytics versions = 2.1.2...
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
EUVD-2026-3319
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850
Koko Analytics for WordPress (
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
WordPress plugin Koko Analytics has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Malicious code in koko-poke19 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a6b6dab458b424c38b2faa0e37861b31e11228fa0666a58d8634b3970e81820 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-140720
Malicious code in koko-poke17 npm...
EUVD-2025-140713
Malicious code in koko-poke23 npm...
EUVD-2025-140717
Malicious code in koko-poke2 npm...
Malicious code in koko-poke7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dccf2e5b7cdabb75311e140b32617df533ec3a06199860b7b0a96251f32b0237 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2795bfc9875219076951e65fc5546f230ea42cd4aa10669dd1faf09240e67dbc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke12 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d37a108cf276880cdc128507e3f458096cb570a67cedcd6ee48a2fa6b61ec119 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10f99ad31ed4279b2b152f3f5307d8961ede4dbcb570c028125297fd41117916 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke14 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bb97353977aab825d1915a9a79b94a97e0fe0c73e1550b8b9bc7c97ef345342 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke16 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91bef030ad27df3369de229a3d84232471cefcbda3d480f6ff9e99d41765f7de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...