52 matches found
CVE-2026-12094
The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...
WordPress plugin Alfie – Feed Plugin 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-42724
Name of the Vulnerable Software and Affected Versions Alfie – Feed Plugin for WordPress versions prior to 1.2.2 Description Cross-Site Request Forgery occurs due to missing nonce validation in the alfie manage function, which handles feed deletion through the 'delete' GET parameter. This allows...
CVE-2026-6618 langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery
A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parseopenaipluginjsontotoolbundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...
CVE-2026-1000
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
CVE-2026-1000
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
CVE-2026-1000
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
PT-2026-3218
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
CVE-2024-2019
The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbterender' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...
CVE-2025-14159
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
Server-Side Template Injection (SSTI)
getgrav/grav is vulnerable to a Server-Side Template Injection SSTI. The vulnerability is due to improper input handling in form submissions, which allows an attacker to send a crafted POST payload to expose sensitive configuration details, including plugin configurations...
EUVD-2025-36971
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myapppverify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data...
EUVD-2025-35902
The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getoptionrest' function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with contributor level access and above, to read...
EUVD-2025-4619
Malicious code in bioql PyPI...
EUVD-2023-59254
Malicious code in bioql PyPI...
EUVD-2023-23591
Malicious code in bioql PyPI...
EUVD-2024-50166
Malicious code in bioql PyPI...
EUVD-2024-2596
Malicious code in bioql PyPI...
EUVD-2024-51661
Malicious code in bioql PyPI...
CVE-2025-9622 WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing
The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for...