102 matches found
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
WordPress Koko Analytics plugin <= 2.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Hector Ruiz Ruiz in WordPress Plugin Koko Analytics versions = 2.1.2...
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
EUVD-2026-3319
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850
Koko Analytics for WordPress (
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
WordPress plugin Koko Analytics has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Malicious code in koko-poke14 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bb97353977aab825d1915a9a79b94a97e0fe0c73e1550b8b9bc7c97ef345342 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke18 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03a951b7d6c9342f4e7e291705fd7506aeb5724fee4322ac933b48e2129ad8d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-140704
Malicious code in koko-poke9 npm...
Malicious code in koko-poke22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 596df8167e09a8fa7f6c81f63e65b4d1686b8d39479f4b6b638914347d63754f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c4e0300c13c2602470e67f97910db22e22df755551c6f0583e85e3e50353ba6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fd7e55db96d63387e82517ab06ba7e7e23f648be8b38b058ad1f3fa6698d8b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-140723
Malicious code in koko-poke14 npm...
Malicious code in koko-poke12 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d37a108cf276880cdc128507e3f458096cb570a67cedcd6ee48a2fa6b61ec119 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 052504e6dbb255bed00da650bb14612ca713af07982cf6c7c3e25db6a3a74976 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10f99ad31ed4279b2b152f3f5307d8961ede4dbcb570c028125297fd41117916 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...