76 matches found
CVE-2026-40779 WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability
Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...
CVE-2026-1401
The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2026-1401
The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
EUVD-2026-5611
The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
PT-2026-6679
Name of the Vulnerable Software and Affected Versions Tune Library plugin for WordPress versions up to and including 1.6.3 Description The Tune Library plugin for WordPress is susceptible to Stored Cross-Site Scripting through the CSV import functionality. This is a result of inadequate input...
CVE-2025-68600
CVE-2025-68600 describes a Server-Side Request Forgery in the WordPress plugin Link Library (link-library) , affecting versions up to
WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Link Library versions = 7.8.7...
CVE-2025-12041 ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download
The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eriflfile' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user...
CVE-2025-12041
The CVE-2025-12041 entry concerns the WordPress ERI File Library plugin up to version 1.1.0, where a missing capability check on the erifl_file AJAX action allows unauthenticated attackers to download files restricted to specific user roles. Affected software: WordPress ERI File Library plugin (v...
EUVD-2021-24808
Malware in sbrugna...
EUVD-2018-2718
Malware in sbrugna...
EUVD-2021-12004
Malware in sbrugna...
EUVD-2018-2717
Malware in sbrugna...
EUVD-2024-17305
Malicious code in bioql PyPI...
EUVD-2022-51560
Malicious code in bioql PyPI...
EUVD-2024-17444
Malicious code in bioql PyPI...
CVE-2024-5450
The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files...
CVE-2024-4281
The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-5604
The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1559
The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...