WP Popups - Information Disclosure

WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths, exploit requires no specific conditions. id: CVE-2024-6555 info: name: WP Popups - Informatio...

📄 MobileDetect 2.8.31 Cross Site Scripting

MobileDetect version 2.8.31 suffers from a cross site scripting vulnerability. Exploit Title: MobileDetect 2.8.31 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ Software Link:...

EUVD-2023-0788

Malicious code in bioql PyPI...

EUVD-2024-47628

Malicious code in bioql PyPI...

EUVD-2024-48337

Malicious code in bioql PyPI...

CVE-2024-6555

The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...

CVE-2018-25080

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/sessionexample.php of the component Example. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...

CVE-2024-6568 Flamix: Bitrix24 and Contact Form 7 integrations <= 3.1.0 - Unauthenticated Full Path Disclosure

The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated...

PT-2024-37724 · WordPress +1 · The Flamix +1

Name of the Vulnerable Software and Affected Versions: The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress versions up to, and including, 3.1.0 Description: The plugin is vulnerable to Full Path Disclosure due to its utilization of mobiledetect without preventing direct acce...

CVE-2024-6560 Addonify – Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Dislcosure

The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...

PT-2024-37717 · WordPress · Addonify – Quick View For Woocommerce

Name of the Vulnerable Software and Affected Versions: Addonify – Quick View For WooCommerce plugin for WordPress versions up to, and including, 1.2.16 Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes mobiledetect without preventing direct access...

PT-2024-37712 · WordPress · Wp Popups

Name of the Vulnerable Software and Affected Versions: WP Popups – WordPress Popup builder plugin versions up to, and including, 2.2.0.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes mobiledetect without preventing direct access to the files...

CVE-2024-6556 SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for...

PT-2024-37713 · WordPress · Smartcrawl

Name of the Vulnerable Software and Affected Versions: SmartCrawl WordPress SEO checker plugin versions up to, and including, 3.10.8 Description: The issue is due to the plugin utilizing mobiledetect without preventing direct access to the files, making it possible for unauthenticated attackers t...

GHSA-R77C-QV68-J3PP Cross-site Scripting in MobileDetect

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/sessionexample.php of the component Example. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...

Cross-site Scripting in MobileDetect

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/sessionexample.php of the component Example. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...

CVE-2018-25080

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/sessionexample.php of the component Example. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...

CVE-2018-25080

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/sessionexample.php of the component Example. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/sessionexample.php of the component Example. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...

CVE-2018-25080 MobileDetect Example session_example.php initLayoutType cross site scripting

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/sessionexample.php of the component Example. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...