
40 matches found

Snyk
added 2026/05/21 2:41 p.m. | 8 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection due to the extension failing to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of...

CVSS 8.2 | AI score 6 | EPSS 0.00149
Exploits 0 | References 2
RedhatCVE
added 2026/04/23 8:38 p.m. | 3 views

CVE-2026-4280

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 | AI score 5.8 | EPSS 0.00164
Exploits 0 | References 1
EUVD
added 2026/04/22 9:31 a.m. | 3 views

EUVD-2026-24688

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 | AI score 5.8 | EPSS 0.00164
Exploits 0 | References 8
NVD
added 2026/04/22 9:16 a.m. | 3 views

CVE-2026-4280

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 | EPSS 0.00164
Exploits 0 | References 7
Cvelist
added 2026/04/22 7:45 a.m. | 25 views

CVE-2026-4280 Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 | EPSS 0.00164
Exploits 0 | References 7
CVE
added 2026/04/22 7:45 a.m. | 3 views

CVE-2026-4280

CVE-2026-4280 affects Breaking News WP for WordPress (versions up to 1.3). The brnwp_ajax_form endpoint lacks authorization checks and CSRF verification, and the brnwp_show_breaking_news_wp() shortcode handler directly passes brnwp_theme to include(), enabling Local File Inclusion via directory t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00164
Exploits 0 | References 7
Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34300

Name of the Vulnerable Software and Affected Versions: Breaking News WP versions prior to 1.4. Description: The Breaking News WP plugin for WordPress contains a Local File Inclusion issue. The 'brnwp_ajax_form' AJAX endpoint lacks authorization checks and CSRF verification. Additionally, there is...

CVSS 6.5 | AI score 5.8 | EPSS 0.00164
Exploits 0 | References 11
CNNVD
added 2026/04/08 12:0 a.m. | 4 views

WordPress plugin Royale News security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 5.3 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:26 a.m. | 4 views

CVE-2019-12724

An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00301
Exploits 0 | References 1
CVE
added 2025/12/09 2:52 p.m. | 8 views

CVE-2025-62090

CVE-2025-62090 affects the WordPress plugin Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons (

CVSS 6.5 | AI score 6.6 | EPSS 0.00036
Exploits 0 | References 1
CNNVD
added 2025/12/09 12:0 a.m. | 1 views

WordPress plugin Gutenverse News security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A security vulnerabili...

CVSS 6.5 | AI score 6.5 | EPSS 0.00036
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-4315

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00301
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-44060

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.5 | EPSS 0.00503
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-46161

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9 | EPSS 0.0007
Exploits 0 | References 1
Patchstack
added 2025/08/27 7:8 p.m. | 2 views

WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Instant Breaking News versions <= 1.0...

CVSS 7.1 | AI score 6.6 | EPSS 0.00025
Exploits 0 | Affected Software 1
NVD
added 2025/06/19 10:15 a.m. | 2 views

CVE-2025-5234

The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | EPSS 0.00176
Exploits 0 | References 5
OSV
added 2025/06/19 10:15 a.m. | 2 views

CVE-2025-5234

The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 5.4 | AI score 5.9
Exploits 0 | References 5
CVE
added 2025/06/19 9:23 a.m. | 19 views

CVE-2025-5234

CVE-2025-5234 affects the Gutenverse News WordPress plugin (versions up to 1.0.4). It is a Stored Cross-Site Scripting vulnerability via the elementId parameter, exploitable by authenticated attackers with Contributor-level access or higher. The payload can cause arbitrary scripts to run on pages...

CVSS 6.4 | AI score 5.7 | EPSS 0.00176
Exploits 0 | References 5 | Affected Software 1
Patchstack
added 2025/06/19 8:24 a.m. | 4 views

WordPress Gutenverse News plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via elementId Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via elementId Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons versions <= 1.0.4...

CVSS 6.4 | AI score 5.5 | EPSS 0.00176
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2025/05/23 8:20 a.m. | 1 views

CVE-2024-10112

The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVSS 6.4 | AI score 5 | EPSS 0.00222
Exploits 0 | References 1