EUVD-2025-5903

Malicious code in bioql PyPI...

EUVD-2022-38531

Malicious code in bioql PyPI...

CVE-2024-13358 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.24. This makes it possible for authenticated...

CVE-2022-3144

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with...

WordPress plugin Mark Daniels Night Mode 跨站脚本漏洞

WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.The WordPress plugin Mark Daniels Night Mode 1.0.0 and previous versions have a cross-site scripting vulnerability, which originates from a...

Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution

The plugin allow high privilege users to execute arbitrary PHP code in an hardened environment ie with DISALLOWFILEEDIT, DISALLOWFILEMODS and DISALLOWUNFILTEREDHTML set to true via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. Vendor was notified in July 2021, the issue was...

PT-2018-3640 · Wikimedia +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.1 Description: The issue is related to a lack of input validation mechanism in MediaWiki, which can be exploited by a remote attacker to impact data integrity. Specifically, when MediaWiki:Mainpage is set to...