849 matches found
CVE-2025-11733 Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting
The Footnotes Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
WordPress plugin DominoKit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2025-12005
CVE-2025-12005 affects the WordPress plugin WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress (versions
CVE-2020-36853
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attacker...
CVE-2020-36853 10WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings Change
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attacker...
CVE-2020-36853 10WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings Change
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attacker...
CVE-2020-36853
The CVE-2020-36853 entry concerns the WordPress plugin 10WebMapBuilder, with a Stored Cross-Site Scripting (XSS) vulnerability affecting versions up to and including 1.0.63. The issue stems from insufficient input sanitization and output escaping and a lack of capability checks in the Plugin Sett...
CVE-2025-10038 Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation
The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmpuser role granting all users with the managebmp capability by default upon registration through the plugin's form. This makes it possible for...
EUVD-2025-34564
The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the saveFields function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
CVE-2025-11166 WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update
The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...
EUVD-2021-23467
Malware in sbrugna...
EUVD-2019-5546
Malware in sbrugna...
EUVD-2019-3529
Malware in sbrugna...
EUVD-2014-9389
Malware in sbrugna...
EUVD-2021-11243
Malware in sbrugna...
EUVD-2016-1893
Malware in sbrugna...
EUVD-2021-11553
Malware in sbrugna...
WordPress Optimize More! – CSS plugin <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset vulnerability
Cross-Site Request Forgery to Plugin Settings Reset vulnerability discovered by Nabil Irawan in WordPress Plugin Optimize More! – CSS versions = 1.0.3...
EUVD-2022-43152
Malicious code in bioql PyPI...
EUVD-2024-17453
Malicious code in bioql PyPI...