849 matches found
EUVD-2024-43956
Malicious code in bioql PyPI...
EUVD-2024-49167
Malicious code in bioql PyPI...
EUVD-2024-17569
Malicious code in bioql PyPI...
EUVD-2023-54023
Malicious code in bioql PyPI...
EUVD-2022-24915
Malicious code in bioql PyPI...
CVE-2025-9892 Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update
The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the update function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-9892
CVE-2025-9892 describes a Cross-Site Request Forgery vulnerability in the WordPress plugin Restrict User Registration (versions ≤ 1.0.1) due to missing nonce validation in the update() function. This allows unauthenticated attackers to update plugin settings by misleading an admin into performing an act...
CVE-2025-9945 Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset
The Optimize More! – CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the reset_plugin function. This makes it possible for unauthenticated attackers to reset the plugin's...
CVE-2025-9945
CVE-2025-9945 affects the WordPress plugin “Optimize More! – CSS” (versions up to 1.0.3). The issue is a Cross-Site Request Forgery caused by missing/incorrect nonce validation in the reset_plugin function, allowing unauthenticated attackers to trigger a site administrator action to reset plugin ...
PT-2025-39485
Name of the Vulnerable Software and Affected Versions: ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution versions prior to 4.8.4. Description: The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is susceptible to unauthorized access. This is due to ...
CVE-2025-9627
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...
CVE-2025-0763 Ultimate Classified Listings <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access a...
PT-2025-37147
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl plugin options function. This makes it possible for unauthenticated attackers to modify plugin settings...
CVE-2025-7827
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2025-7827
The CVE-2025-7827 entry affects the Ni WooCommerce Customer Product Report plugin for WordPress. It documents a missing capability check in the ni_woocpr_action() function across all versions up to 1.2.4, enabling authenticated attackers with Subscriber-level access and above to modify plugin set...
CVE-2025-8080
The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-7835
The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughtsaceupdateoptions' AJAX action. This makes it possible for unauthenticated attacke...