109 matches found
EUVD-2022-34657
Malicious code in bioql PyPI...
EUVD-2025-9118
Malicious code in bioql PyPI...
EUVD-2023-43849
Malicious code in bioql PyPI...
CVE-2025-7387
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7387 Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-28976 · WordPress · Lana Downloads Manager
Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager versions prior to 1.10.0 Description: The Lana Downloads Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through insufficient input sanitization and output escaping on user-supplied attributes...
WordPress plugin Lana Downloads Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
CVE-2023-3166
The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-3372
The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...
CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048
CVE-2025-2048 affects the Lana Downloads Manager WordPress plugin prior to 1.10.0. The issue is that input used to build a path is not validated, enabling admins to perform path traversal and download arbitrary server files. Public references confirm the vulnerability is tied to path traversal in...
PT-2025-14082 · WordPress · Lana Downloads Manager
Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager WordPress plugin versions prior to 1.10.0 Description: The issue concerns the Lana Downloads Manager WordPress plugin, which does not validate user input used in a path. This could allow users with an admin role to...
Malicious code in lana-docs-site (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware accb6c4448ea69a1e84f45256921e0bca2f42e0f2cb6ad93d0e60ed843b843f0 Any computer that has this package install...
MAL-2024-11819 Malicious code in lana-ws (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7484f94ee4543b03e2d833c9553eea0123b2a73f99621a2e99a38139146b151 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...