18 matches found
CVE-2025-14539
CVE-2025-14539 relates to the WordPress plugin Shortcode Ajax (Shortcode Loader/shortcode-ajax). The vulnerability arises because the plugin executes do_shortcode on a value that is not properly validated, allowing unauthenticated attackers to execute arbitrary shortcodes. Affected versions are a...
EUVD-2025-121585
Malicious code in style-loader-rollup-plugin-izar-phoebe npm...
MAL-2025-148340 Malicious code in style-loader-rollup-plugin-izar-phoebe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec4a0e6674e333da99262c9589dc038cd6e957c309248b12349a0364661a27f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147677 Malicious code in sass-loader-mui-library-optimize-css-assets-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66e74a0f0b1190b28e62b75438426908b78b6776a7293dc127d4f7f037d74279 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2021-11580
Malware in sbrugna...
EUVD-2022-5283
Malicious code in bioql PyPI...
Malicious code in my-check-inline-loader-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 158a5f06d42d4341fa6161944260a13e1cd79d01a746eddd52ce26b77770024e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4378 Malicious code in my-check-inline-loader-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 158a5f06d42d4341fa6161944260a13e1cd79d01a746eddd52ce26b77770024e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-24668
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2021-24668
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
WordPress SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The WordPress plugin is a WordPress open source application plugin. The WordPress plugin is vulnerable to SQL injection, which stems from the fact that The MAZ Loader plugin does not validate or...
WordPress MAZ Loader plugin <= 1.4.0 - Arbitrary Loader Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Loader Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress MAZ Loader plugin versions = 1.4.0. Solution Update the WordPress MAZ Loader plugin to the latest available version at least 1.4.1...
WordPress advanced-ajax-page-loader plugin permissions permission and access control issues vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. advanced-ajax-page-loader is an AJAX page loading plugin used in it. The WordPress advanced-ajax-page-loader plugin is...
The vulnerability of the Jenkins Pipeline Remote Loader plugin, related to defects in the data protection mechanism, allows attackers to circumvent sandbox restrictions.
The vulnerability of the Jenkins Pipeline Remote Loader plugin is related to deficiencies in data protection mechanisms. Exploiting this vulnerability allows a malicious actor to bypass sandbox restrictions and execute arbitrary methods remotely...
CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10328
CVE-2019-10328 affects Jenkins Pipeline Remote Loader Plugin (before 1.5). An unsafe Script Security whitelist entry allowed attackers to invoke arbitrary methods, bypassing sandbox protection and impacting confidentiality, integrity, and availability. Public references in Red Hat advisory RHSA-2...