PT-2026-43133

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...

PT-2026-31232

CVE-2026-39670 Server-Side Request Forgery SSRF vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link P… https://t.co/gG1042ZMnD...

PT-2026-23243

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Awa Plugins awa-plugins allows Reflected XSS.This issue affects Awa Plugins: from n/a through = 1.4.4...

EUVD-2025-5612

Malicious code in bioql PyPI...

EUVD-2023-46415

Malicious code in bioql PyPI...

EUVD-2025-19302

Malicious code in bioql PyPI...

EUVD-2025-28333

Malicious code in bioql PyPI...

EUVD-2025-7967

Malicious code in bioql PyPI...

EUVD-2023-40461

Malicious code in bioql PyPI...

EUVD-2024-30583

Malicious code in bioql PyPI...

EUVD-2024-52070

Malicious code in bioql PyPI...

PT-2025-39580

Name of the Vulnerable Software and Affected Versions Galaxy Weblinks Post Featured Video versions through 1.7 Description A Cross-Site Request Forgery issue exists in Galaxy Weblinks Post Featured Video. This allows for Cross Site Request Forgery attacks. Recommendations At the moment, there is ...

CVE-2025-58969

Missing Authorization vulnerability in Greg Winiarski Custom Login URL custom-login-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login URL: from n/a through = 1.0.2...

CVE-2025-58688

Cross-Site Request Forgery CSRF vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through = 2.1.4...

PT-2025-38836

Name of the Vulnerable Software and Affected Versions husani WP Subtitle versions through 3.4.1 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-Site Scripting XSS. This means that malicious code can be injected...

PT-2025-36252

Name of the Vulnerable Software and Affected Versions: fullworks Quick Paypal Payments versions through 5.7.46 Description: The software contains a Cross-Site Request Forgery CSRF flaw. This issue allows attackers to perform actions on behalf of authenticated users. Recommendations: fullworks Qui...

CVE-2025-48311

Cross-Site Request Forgery CSRF vulnerability in OffClicks Invisible Optin invisible-optin allows Stored XSS.This issue affects Invisible Optin: from n/a through = 1.0...

CVE-2025-49890

Deserialization of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection.This issue affects Organic Beauty: from n/a through = 1.4.6...

PT-2025-33490 · Fwdesign · Fwdesign Ultimate Video Player

Name of the Vulnerable Software and Affected Versions: FWDesign Ultimate Video Player versions n/a through 10.1 Description: Missing authorization allows exploiting incorrectly configured access control security levels in FWDesign Ultimate Video Player. Recommendations: At the moment, there is no...

CVE-2025-53347

CVE-2025-53347 (Kalium) is a CSRF vulnerability in the Kalium WordPress theme (and related plugin) versions n/a through 3.18.3. The CVE notes that unauthenticated attackers cannot exploit it directly, but the related CVE metrics show an attack vector of network with user interaction required and ...