105 matches found

EUVD
added 2026/04/08 6:33 p.m. · 5 views

EUVD-2024-33452

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to injec...

CVSS 6.1 · AI score 7.2 · EPSS 0.00273
Exploits 0 · References 5

CNNVD
added 2026/01/27 12:0 a.m. · 2 views

Victor CMS code-related vulnerabilities

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has code-related vulnerabilities; these vulnerabilities stem from defects in the file upload functionality, which may lead to the upload and execution of malicious PHP files...

CVSS 8.8 · AI score 5.9 · EPSS 0.00611
Exploits 1 · References 3

RedhatCVE
added 2026/01/09 9:26 a.m. · 5 views

CVE-2023-4730

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initendpoint function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An...

CVSS 5.3 · AI score 6.7 · EPSS 0.00458
Exploits 0 · References 1

RedhatCVE
added 2026/01/07 9:18 a.m. · 22 views

CVE-2025-1441

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wprfilterwooproducts' function. This makes it possible for unauthenticated attacke...

CVSS 8.8 · AI score 6.4 · EPSS 0.00204
Exploits 0 · References 1

RedhatCVE
added 2026/01/07 9:13 a.m. · 8 views

CVE-2024-2772

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

CVSS 9.8 · AI score 5.7 · EPSS 0.02333
Exploits 1 · References 1

Veracode
added 2025/10/16 8:12 a.m. · 4 views

Remote Code Execution (RCE)

mahocommerce/maho is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of uploaded file types in the product management module, which allows an attacker with staff access to upload malicious .php files and execute arbitrary code on the server...

CVSS 8.7 · AI score 8.4 · EPSS 0.00286
Exploits 0 · References 4 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-4822

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 9.1 · EPSS 0.00182
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-51643

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 9.1 · EPSS 0.00129
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-34372

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 8.7 · EPSS 0.00428
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-13310

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 7 · EPSS 0.00149
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-50406

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 8.7 · EPSS 0.00245
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-25190

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00815
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-54579

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.1 · EPSS 0.00275
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-46785

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.6 · EPSS 0.00295
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-50870

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 8.7 · EPSS 0.00198
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-34704

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00508
Exploits 0 · References 3

Positive Technologies
added 2025/07/19 12:0 a.m. · 0 views

PT-2025-30113 · WordPress · Avishi Wp Paypal Payment Button

Name of the Vulnerable Software and Affected Versions: Avishi WP PayPal Payment Button versions prior to 2.1
Description: The Avishi WP PayPal Payment Button plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00142
Exploits 0 · References 7

RedhatCVE
added 2025/07/06 2:18 a.m. · 9 views

CVE-2025-6041

The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributors' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · AI score 6.1 · EPSS 0.00124
Exploits 0 · References 1

CVE
added 2025/07/04 1:44 a.m. · 23 views

CVE-2025-6041

CVE-2025-6041 concerns the WordPress plugin yContributors (versions up to and including 0.5). The Wordfence record describes a CSRF flaw on the yContributors page that allows unauthenticated attackers to trigger actions on behalf of an administrator and inject web scripts via forged requests, eff...

CVSS 6.1 · AI score 6.1 · EPSS 0.00124
Exploits 0 · References 2

Cvelist
added 2025/06/06 6:42 a.m. · 11 views

CVE-2025-4966 WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function

The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results function. This makes it possible for unauthenticated attackers to inject malicious web script...

CVSS 6.1 · EPSS 0.0014
Exploits 0 · References 3