366 matches found
EUVD-2023-44776
Malicious code in bioql PyPI...
EUVD-2022-25225
Malicious code in bioql PyPI...
PT-2025-38299
Name of the Vulnerable Software and Affected Versions: Password Reset with Code for WordPress REST API plugin versions prior to 0.0.17 Description: The plugin does not employ cryptographically secure algorithms for generating One-Time Password (OTP) codes, which could allow for account takeovers...
Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution (CVE-2025-27516)
Summary: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution. IBM SOAR QRadar Plugin app has addressed the issue in the latest update. Vulnerability Details: CVEID: CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating...
[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-base-1.26.3-1.fc41
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...
PT-2025-32036 · WordPress · Wpbakery Page Builder For Wordpress
Name of the Vulnerable Software and Affected Versions: WPBakery Page Builder for WordPress plugin versions prior to 8.6 Description: The WPBakery Page Builder for WordPress plugin is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on...
PT-2025-31604 · Elementor +1 · Elementor +1
Name of the Vulnerable Software and Affected Versions: Stratum – Elementor Widgets versions up to and including 1.6.0 Description: The Stratum – Elementor Widgets plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Advanced Google Maps and Image Hotspot widgets...
PT-2025-31185 · Automattic +1 · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: Bonanza – WooCommerce Free Gifts Lite plugin versions up to and including 1.0.0 Description: The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check...
PT-2025-31163 · WordPress · Streamweasels Youtube Integration
Name of the Vulnerable Software and Affected Versions: StreamWeasels YouTube Integration plugin for WordPress versions prior to 1.4.1 Description: The StreamWeasels YouTube Integration plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s data-uuid attribute...
PT-2025-30647 · WordPress · Taeggie Feed
Name of the Vulnerable Software and Affected Versions: Taeggie Feed plugin for WordPress versions up to and including 0.1.10 Description: The Taeggie Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s taeggie-feed shortcode. The render method incorporates...
PT-2025-30517 · WordPress · Social Streams
Name of the Vulnerable Software and Affected Versions: Social Streams plugin for WordPress versions up to and including 1.0.1 Description: The Social Streams plugin for WordPress does not properly validate a user's identity before updating user meta information via the update user meta function...
PT-2025-30424 · WordPress · Shortcodes Ultimate
Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate versions prior to 7.4.3 Description: The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from insufficient input...
PT-2025-30383 · WordPress · Conditional Fields +3
Name of the Vulnerable Software and Affected Versions: Extensions For CF7 versions up to and including 3.2.8 Description: The Extensions For CF7 Contact form 7 Database, Conditional Fields and Redirection plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path...
PT-2025-30118 · WordPress · Vchasno Kasa
Name of the Vulnerable Software and Affected Versions: Vchasno Kasa plugin for WordPress versions up to and including 1.0.3 Description: The Vchasno Kasa plugin for WordPress is susceptible to unauthorized data access due to a missing capability check within the mrkv vchasno kasa wc do metabox...
WP Publications WordPress Plugin 1.2 - Stored XSS
Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS Google Dork: inurl:/wp-content/plugins/wp-publications/ Date: 2025-07-15 Exploit Author: Zeynalxan Quliyev Vendor Homepage: https://wordpress.org/plugins/wp-publications/ Software Link:...
PT-2025-29542 · WordPress · Restrict File Access
Name of the Vulnerable Software and Affected Versions: Restrict File Access plugin for WordPress versions up to and including 1.1.2 Description: The Restrict File Access plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...
PT-2025-28844 · WordPress · Sureforms
Name of the Vulnerable Software and Affected Versions: SureForms – Drag and Drop Form Builder for WordPress versions up to 1.7.3 Description: The issue allows unauthenticated attackers to inject a PHP object through the use of file exists in the delete entry files function without restriction on...
PT-2025-27596 · WordPress · Magic Buttons For Elementor
Name of the Vulnerable Software and Affected Versions: Magic Buttons for Elementor plugin for WordPress versions prior to 1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...
PT-2025-27592 · WordPress · Drag/Drop Multiple File Upload
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload Pro - WooCommerce plugin for WordPress versions 1.7.1 and earlier; Drag and Drop Multiple File Upload Pro - WooCommerce plugin for WordPress versions 5.0 through 5.0.5 when bundled with the PrintSpace theme...
WordPress LifterLMS plugin <= 8.0.6 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ChuongVN in WordPress Plugin LifterLMS versions <= 8.0.6...