59 matches found
Improper Neutralization of Special Elements Used in a Template Engine
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the renderString function. An attacker can execute arbitrary PHP code by injecting malicious Twig template code when authenticated with access to the Craft control...
Weblate Security Vulnerability
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.16.1 contained a security vulnerability. This vulnerability stemmed from the AddonViewSet of the REST API not limiting results based on user permissions, which could all...
EUVD-2026-5250
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through <= 2.2.8...
CVE-2025-55074
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...
EUVD-2013-3201
Malware in sbrugna...
EUVD-2022-52023
Malicious code in bioql PyPI...
EUVD-2024-0393
Malicious code in bioql PyPI...
EUVD-2023-2145
Malicious code in bioql PyPI...
CVE-2025-30929 WordPress fluXtore plugin <= 1.6.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in amazewp fluXtore fluxtore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fluXtore: from n/a through <= 1.6.0...
CVE-2025-3702 WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Melapress File Monitor: from n/a through 2.2.0...
CVE-2025-53293 WordPress Dashboard Widget Sidebar plugin <= 1.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3...
CVE-2025-53266
CVE-2025-53266: WordPress Cron Logger plugin
PT-2025-24650 · WordPress · The Ultimate Blocks
Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks – WordPress Blocks Plugin versions up to, and including, 3.3.3 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping. This allows...
CVE-2024-6799
The YITH Essential Kit for WooCommerce 1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodule', 'deactivatemodule', and 'installmodule' functions in all versions up to, and including, 2.34.0. This makes it possible for...
CVE-2022-0442
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar...
CVE-2025-39412
CVE-2025-39412 is a Missing Authorization issue affecting WordPress Master Slider/Master Slider plugin. Public details show: Averta Master Slider affected up to version 3.10.8; Master Slider plugin affected up to 3.11.0 (per Patchstack). Applicable CVSS base metrics indicate low to moderate impac...
WordPress EventPrime plugin < 3.5.0 - Subscriber+ Arbitrary booking settings update vulnerability
Subscriber+ Arbitrary booking settings update vulnerability discovered by caon in WordPress Plugin EventPrime versions < 3.5.0...
PT-2025-21381 · WordPress · The Ultimate Noindex Nofollow Tool
Name of the Vulnerable Software and Affected Versions: The Ultimate Noindex Nofollow Tool WordPress plugin versions 1.1.2 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress Envo Extra plugin <= 1.9.9 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin Envo Extra versions <= 1.9.9...
CVE-2025-39457 WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.8...