CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

EUVD-2025-1890

Malicious code in bioql PyPI...

CVE-2025-0841

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the publi...

CVE-2025-0841

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the publi...

CVE-2025-0841 Aridius XYZ News loadMore deserialization

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the publi...

PT-2025-4067 · Opencart +1 · Opencart +1

Name of the Vulnerable Software and Affected Versions: Aridius XYZ up to 20240927 on OpenCart Description: The issue affects the loadMore function of the News component, leading to deserialization. It can be initiated remotely. Recommendations: Aridius XYZ up to 20240927 on OpenCart: Upgrade the...

OpenCart Aridius 代码问题漏洞

OpenCart Aridius is an OpenCart extension from OpenCart, Inc. A code issue vulnerability exists in OpenCart Aridius XYZ 20240927 and earlier versions, which stems from a deserialization issue in the loadMore function of the News component...

CVE-2022-3900

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...

PT-2022-24656 · WordPress · Cooked Pro Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Cooked Pro WordPress plugin versions prior to 1.7.5.7 Description: The issue arises from improper validation and sanitization of the recipe args parameter before unserializing it in the "cooked loadmore" action. This allows an unauthenticated...

Malicious code in list-loadmore (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf6159b9ea1b49f59ac19088398e19b602ff3cbd4bc35f7452325076f70cf8df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4323 Malicious code in list-loadmore (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf6159b9ea1b49f59ac19088398e19b602ff3cbd4bc35f7452325076f70cf8df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...