1726 matches found
EUVD-2023-49386
Malicious code in bioql PyPI...
EUVD-2023-51319
Malicious code in bioql PyPI...
EUVD-2023-28208
Malicious code in bioql PyPI...
EUVD-2023-59376
Malicious code in bioql PyPI...
EUVD-2022-48669
Malicious code in bioql PyPI...
EUVD-2024-48593
Malicious code in bioql PyPI...
EUVD-2023-31222
Malicious code in bioql PyPI...
EUVD-2025-2834
Malicious code in bioql PyPI...
EUVD-2023-49378
Malicious code in bioql PyPI...
EUVD-2023-35146
Malicious code in bioql PyPI...
CVE-2025-9858 Auto Bulb Finder for WordPress <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abfvehicle' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-9080 Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Generic Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget fields in version 1.2.8 and earlier. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with...
WordPress plugin RestroPress 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...
PT-2025-40504
Name of the Vulnerable Software and Affected Versions Mobile Site Redirect versions up to and including 1.2.1 Description The Mobile Site Redirect plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This allows...
CVE-2025-10744 File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and...
CVE-2025-10128 Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aaq' shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-39718
Name of the Vulnerable Software and Affected Versions Professional Contact Form plugin for WordPress versions prior to 1.0.1 Description The Professional Contact Form plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of proper nonce validation within the...
WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by Denver Jackson in WordPress Plugin EmailKit versions = 1.6.0...
CVE-2025-60143
Netgsm plugin for WordPress (Netgsm), versions up to 2.9.58, has a Missing Authorization (Broken Access Control) vulnerability due to incorrectly configured access control levels. The CVE-2025-60143 entry is listed as Unpatched in the provided documents; exploitation status and mitigations are no...
CVE-2025-60120
CVE-2025-60120 : WP Directory Kit plugin for WordPress had a Missing Authorization vulnerability affecting versions up to 1.4.0, enabling exploitation of access-control misconfigurations. The Wordfence entry confirms patch in 1.4.0. Remediation: upgrade to a version >= 1.4.0 (or apply vendor p...