229 matches found
EUVD-2024-17274
Malicious code in bioql PyPI...
EUVD-2025-15338
Malicious code in bioql PyPI...
WordPress Portfolio Manager Lite plugin <= 1.20 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Portfolio Manager Lite versions = 1.20...
CVE-2025-8091
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...
CVE-2025-8391
CVE-2025-8391 – Magic Edge – Lite (WordPress) is a Stored Cross-Site Scripting vulnerability in the plugin for all versions up to 1.1.6, triggered by the height parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor level or...
WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by LVT-tholv2k in WordPress Plugin Finale Lite versions = 2.20.0...
CVE-2021-4458
The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wpajaxmecloadsinglepage' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-9117
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-7084
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks...
CVE-2024-5892
The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘supportunfilteredfilesupload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11416
The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the saveoption function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2024-10882
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...
CVE-2024-12239
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2023-39987
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ajay Lulia wSecure Lite plugin = 2.5 versions...
CVE-2023-28497
Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery LITE plugin = 1.7.6 versions...
CVE-2013-10030
A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely...
CVE-2019-14679
core/views/arpriceimportexport.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arpliteimportexport CSRF...
CVE-2018-20987
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection...
CVE-2014-9442
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php...
CVE-2015-9408
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS...