105 matches found
EUVD-2024-33452
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to injec...
Victor CMS code-related vulnerabilities
Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has code-related vulnerabilities; these vulnerabilities stem from defects in the file upload functionality, which may lead to the upload and execution of malicious PHP files...
CVE-2023-4730
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initendpoint function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An...
CVE-2025-1441
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wprfilterwooproducts' function. This makes it possible for unauthenticated attacke...
CVE-2024-2772
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...
Remote Code Execution (RCE)
mahocommerce/maho is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of uploaded file types in the product management module, which allows an attacker with staff access to upload malicious .php files and execute arbitrary code on the server...
EUVD-2024-50406
Malicious code in bioql PyPI...
EUVD-2022-34704
Malicious code in bioql PyPI...
EUVD-2023-54579
Malicious code in bioql PyPI...
EUVD-2025-4822
Malicious code in bioql PyPI...
EUVD-2024-34372
Malicious code in bioql PyPI...
EUVD-2024-46785
Malicious code in bioql PyPI...
EUVD-2024-50870
Malicious code in bioql PyPI...
EUVD-2025-13310
Malicious code in bioql PyPI...
EUVD-2022-25190
Malicious code in bioql PyPI...
EUVD-2024-51643
Malicious code in bioql PyPI...
PT-2025-30113 · WordPress · Avishi Wp Paypal Payment Button
Name of the Vulnerable Software and Affected Versions: Avishi WP PayPal Payment Button versions prior to 2.1
Description: The Avishi WP PayPal Payment Button plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...
CVE-2025-6041
The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributors' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-6041
CVE-2025-6041 concerns the WordPress plugin yContributors (versions up to and including 0.5). The Wordfence record describes a CSRF flaw on the yContributors page that allows unauthenticated attackers to trigger actions on behalf of an administrator and inject web scripts via forged requests, eff...
CVE-2025-4966 WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function
The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results function. This makes it possible for unauthenticated attackers to inject malicious web script...