113 matches found
EUVD-2026-24523
WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept state-changing requests via $_REQUEST/$_GET and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malicious...
PT-2026-34198
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions prior to 29.1. Description: Multiple JSON endpoints under 'objects/' accept state-changing requests via $_REQUEST and $_GET without anti-CSRF tokens, origin checks, or referer checks. This allows a malicious page to perform...
WWBN AVideo Cross-Site Request Forgery Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site request forgery vulnerability. This vulnerability stemmed from multiple AVideo JSON endpoints under the objects/ directory accepting status...
AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query
Summary: In objects/like.php, the getLike method constructs a SQL query using a prepared statement placeholder ? for users_id but directly concatenates $this->videos_id into the query string without parameterization. An attacker who can control the videos_id value via a crafted request can inject...
EUVD-2026-11089
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ulike_likers_box shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of html_entity_decode on shortcode attributes without subsequent output sanitization, which...
CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...
WordPress Likes and Dislikes Plugin plugin <= 1.0.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Likes and Dislikes versions <= 1.0.0...
EUVD-2016-1705
Malware in sbrugna...
EUVD-2018-10273
Malware in sbrugna...
EUVD-2025-17630
Malicious code in bioql PyPI...
EUVD-2025-26929
Malicious code in bioql PyPI...
EUVD-2024-40818
Malicious code in bioql PyPI...
EUVD-2024-40113
Malicious code in bioql PyPI...
CVE-2025-58848
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...
CVE-2025-58848
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...
CVE-2025-58848 WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...
CVE-2025-58848
CVE-2025-58848 concerns WordPress plugin WP Likes (versions up to 3.1.1). The vulnerability is a CSRF issue that also enables reflected XSS when exploited, as described in multiple sources. Affected software: WP Likes
CVE-2025-58848 WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...
WordPress plugin WP likes Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-36187
Name of the Vulnerable Software and Affected Versions: aakash1911 WP likes versions n/a through 3.1.1 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in aakash1911 WP likes, which also allows Reflected Cross-Site Scripting (XSS). Recommendations: Update aakash1911 WP likes to a...