11 matches found
EUVD-2019-16985
Malware in sbrugna...
EUVD-2022-29619
Malicious code in bioql PyPI...
EUVD-2022-4081
Malicious code in bioql PyPI...
CVE-2025-7504
CVE-2025-7504 affects the WordPress Friends plugin (v3.5.1). It is vulnerable to PHP Object Injection through deserialization of the query_vars parameter. Exploitation requires authenticated access (subscriber level or higher). The vulnerability has no impact unless a POP chain exists in anot...
WordPress ANON::form embedded secure form plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress ANON::form embedded secure form plugin that stems from the application's lack of effective filtering and escaping of...
WordPress Blogprise plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Blogprise plugin that stems from improper file name control and can be exploited by an attacker to cause PHP native file...
CVE-2019-15519
Power-Response before 2019-02-02 allows directory traversal up to the application's main directory via a plugin...
CVE-2025-24571
CVE-2025-24571 affects the WordPress plugin WP Fast Total Search (versions 1.78.258 and earlier). The root cause is Missing Authorization / Broken Access Control, described as exploiting incorrectly configured access control security levels. The CVSS metrics indicate network attack vector with lo...
WordPress Access Control Error Vulnerability (CNVD-2021-52425)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress plugin WP Upload Restriction 2.2.3 and...
Bludit File Upload Vulnerability
Bludit is an open source, lightweight blog content management system (CMS). A file upload vulnerability exists in Bludit version 3.12.0, which originates from a file upload found in the file path bl-plugins backup plugin.php, and can be exploited by an attacker to gain administrator privileges and ...
squirrelmail bug
Squirrelmail remote execute commands bug. Version Affected: 1.2.2. Squirrelmail is a webmail system, which allows users to send, get, read etc. mails. It has some themes, plugins etc. One of the plugins has a very interesting piece of code: from file checkme.mod.php: $sqspellcommand =...