Malicious code in marketing-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91700ba70a19e0997ef295cbc94c127a9febc336d696ae07b738dc2fbef8cab8 The package marketing-analytics was found to contain malicious code...

MAL-2026-2778 Malicious code in marketing-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91700ba70a19e0997ef295cbc94c127a9febc336d696ae07b738dc2fbef8cab8 The package marketing-analytics was found to contain malicious code...

CVE-2026-2263

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

WordPress plugin Hustle 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-2263 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

PT-2026-31048

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustle module converted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

Shopify: Improper access check by Kit leads to controlling attributes of store & getting analytics by deleted Store member via dual messenger A/C

Hi, Disclaimer : - This report will be detected as a duplicate of a N/A marked report by me351154.The reason for self-close was i did not know if the scope in your policy only restricted to XSS,CSRF on kitcrm.com the domain. Issue : - A deleted store member can still use Kit via Facebook messenge...

Progress Sitefinity 9.1 XSS Vulnerability

Progress Sitefinity version 9.1 suffers from cross site scripting, broken session management, and open redirection vulnerabilities. ======================================================================= title: Multiple vulnerabilities product: Progress Sitefinity vulnerable version: 9.1 fixed...