MAL-2025-191128 Malicious code in medusa-plugin-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af11d8b0e347690c78b45c790ef5d54f7cadf6d5d2fa89a86ef6c1765ab136f The package medusa-plugin-logs was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199217

Malicious code in medusa-plugin-logs npm...

Malicious code in medusa-plugin-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af11d8b0e347690c78b45c790ef5d54f7cadf6d5d2fa89a86ef6c1765ab136f The package medusa-plugin-logs was found to contain malicious code. Source: ghsa-malware...

medusa-plugin-momo (>=0.0.48 <=0.0.67), medusa-plugin-zalopay (>=0.0.28 <=0.0.39) potentially affected by unknown CVE via medusa-plugin-logs (>=0.0.1 <=0.0.16)

medusa-plugin-logs NPM version =0.0.1, =0.0.48, =0.0.28, =0.0.39 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191128...

EUVD-2019-13750

Malware in sbrugna...

CVE-2024-3546

The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpmgdppopulatepopup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above...

Cross site request forgery (csrf)

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearuucsslogs function. This makes it possible for unauthenticated attackers to clear plugi...

Maspik – Spam blacklist < 0.7.9 - Cross-Site Request Forgery (CSRF)

The plugin does not protect some of its actions in the file /admin/partials/contact-forms-anti-spam-log.php against CSRF attacks, allowing an unauthenticated attacker to clear plugin logs and stat counter by tricking a logged in user to submit a crafted request...

SUSE CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

WordPress WP Express Checkout (Accept PayPal Payments) plugin <= 2.1.8 - Plugin Logs Reset vulnerability

Plugin Logs Reset vulnerability discovered in WordPress WP Express Checkout Accept PayPal Payments plugin versions = 2.1.8. Solution Update the WordPress WP Express Checkout Accept PayPal Payments plugin to the latest available version at least 2.1.9...

EPA scan Fails. Error: Failed sending epaq

Error: Failed sending Epaq We will see following error in plugin logs: 2022-01-14 07:03:05.860 | Tid: 10876 | ERROR | nsstartepa | 1030 | Failed sending GET epaq. Return code: -4 2022-01-14 07:03:05.860 | Tid: 10876 | DEBUG | nsstartepa returning Failed sending epaq Following message will be seen...

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability in the WordPress plugin WP Fusion Lite allows an attacker to delete all the...