EUVD-2025-9185

Malicious code in bioql PyPI...

CVE-2025-31847

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS.This issue affects mFolio Lite: from n/a through = 1.2.3...

WordPress mFolio Lite plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab in WordPress Plugin mFolio Lite versions = 1.2.3...

CVE-2025-31847

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS.This issue affects mFolio Lite: from n/a through = 1.2.3...

CVE-2025-31847

CVE-2025-31847 affects mFolio Lite (WordPress)

CVE-2025-31847 WordPress mFolio Lite plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS.This issue affects mFolio Lite: from n/a through = 1.2.3...

CVE-2025-31847 WordPress mFolio Lite plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS.This issue affects mFolio Lite: from n/a through = 1.2.3...

PT-2025-14225 · Themelooks · Themelooks Mfolio Lite

Name of the Vulnerable Software and Affected Versions: themelooks mFolio Lite versions 1.2.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker...

CVE-2024-9307

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...

CVE-2024-9307

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...

CVE-2024-9307

CVE-2024-9307 affects the mFolio Lite WordPress plugin. The vulnerability is due to a missing capability check in all versions up to 1.2.1, allowing authenticated attackers with Author-level access or higher to upload SVGs/EXEs and inject scripts that execute on page load or file access, with pot...

CVE-2024-9307 mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...

WordPress plugin mFolio Lite 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress mFolio Lite plugin <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files vulnerability

Missing Authorization to Authenticated Author+ File Upload via EXE and SVG Files vulnerability discovered by Francesco Carlucci in WordPress Plugin mFolio Lite versions = 1.2.1...

PT-2024-39561 · WordPress · Mfolio Lite

Name of the Vulnerable Software and Affected Versions: mFolio Lite plugin for WordPress version 1.2.1 and earlier Description: The issue is due to a missing capability check, allowing authenticated attackers with Author-level access and above to inject arbitrary web scripts in pages or upload...

WordPress mFolio Lite Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software mFolio Lite Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9307 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 19ba5b646cd3 Credits Francesco Carlucci Required...