CVE-2026-9125

Summary: CVE-2026-9125 affects the Presto Player plugin for WordPress (up to version 4.2.0). The root cause is insufficient input sanitization and output escaping in the getOverlays() function, which copies the link_url shortcode attribute directly into the overlay configuration without scheme va...

WordPress Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player plugin <= 2.0.82 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Radio Player versions = 2.0.82...

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

PT-2026-31179

Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through = 2.3.6...

WordPress plugin JW Player for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVE-2026-24548 WordPress Radio Player plugin <= 2.0.91 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through = 2.0.91...

CVE-2025-32123 WordPress HTML5 Video Player with Playlist & Multiple Skins plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through =...

CVE-2023-25464

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StreamWeasels Twitch Player plugin = 2.1.0 versions...

CVE-2023-4027

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesettings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings...

EUVD-2014-3962

Malware in sbrugna...

EUVD-2014-5078

Malware in sbrugna...

EUVD-2001-0198

Malware in sbrugna...

EUVD-2013-1500

Malware in sbrugna...

EUVD-2023-42316

Malicious code in bioql PyPI...

EUVD-2025-31686

Malicious code in bioql PyPI...

EUVD-2023-53183

Malicious code in bioql PyPI...

EUVD-2023-53920

Malicious code in bioql PyPI...

EUVD-2023-53918

Malicious code in bioql PyPI...

EUVD-2023-53917

Malicious code in bioql PyPI...

EUVD-2024-48599

Malicious code in bioql PyPI...