PT-2026-46323

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

PT-2026-46351

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

LeakIX Search

This module uses the LeakIX API to search for exposed services and data leaks. LeakIX is a search engine focused on indexing internet-exposed services and leaked credentials/databases. An API key is required free at https://leakix.net. Actions: SEARCH - Query LeakIX with a search string and scope...

CVE-2023-31232

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Artiss Plugins List plugin = 2.5 versions...

EUVD-2023-35547

Malicious code in bioql PyPI...

CVE-2025-10212

The SiteAlert Formerly WP Health plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to view the site health information, includi...

CVE-2025-10212 SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure

The SiteAlert Formerly WP Health plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to view the site health information, includi...

@alauda-fe/create-alauda-mfe-plugin (>=0.0.1 <=0.0.2), @apj-pace/pace-nx-plugin (>=0.0.2 <=0.0.5) +75 more potentially affected by CVE-2025-10894 via nx (>=20.0.0-beta.0 <=20.0.9)

nx NPM version =20.0.0-beta.0, =0.0.1, =0.0.2, =0.0.0, =0.5.0, =0.0.1, =0.0.25, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-canary.20240926-529ab94 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NX-12205542...

CVE-2023-31232

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Artiss Plugins List plugin = 2.5 versions...

CVE-2023-31232

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Artiss Plugins List plugin = 2.5 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Artiss Plugins List plugin = 2.5 versions...

CVE-2023-31232

CVE-2023-31232: WordPress Plugins List plugin (≤ 2.5) is vulnerable to stored XSS (admin+). Root cause involves insufficient escaping in plugin output (e.g., replace_plugin_list_tags). Impact and exploitability are described in connected sources as admin-privileged, stored XSS with potential risk...

Plugins List < 2.5.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software Plugins List Type Plugin Vulnerable versions = 2.5 Fixed in 2.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31232 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID aa0ba87f0fd0 Credits Yuki Haruma Required privile...

com.blazemeter:jmeter-plugins-directory-listing (>=0.2 <=0.3), com.blazemeter:jmeter-plugins-random-csv-data-set (>=0.6 <=0.8) +134 more potentially affected by CVE-2022-40705 via soap:soap (>=2.3 <=2.3.1)

soap:soap MAVEN version =2.3, =0.2, =0.6, =0.3, =1.0.0, =0.0.0, =0.0.0, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.1.0, =1.0.0, =1.1.3 and more Source cves: CVE-2022-40705 Source advisory: OSV:GHSA-JQ8C-J47C-VVWM...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2022-34174 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.33)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2022-34174 Source advisory: OSV:GHSA-9GRJ-J43M-MJQR...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10406 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10406 Source advisory: OSV:GHSA-HW55-F8WC-82M6...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +698 more potentially affected by CVE-2013-7330 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.480.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.17 and more Source cves: CVE-2013-7330 Source advisory: OSV:GHSA-H5JV-HG68-MJHG...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1186 more potentially affected by CVE-2014-9634 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.585)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0.3, =1.0.0, =1.0, =1.0.0, =2.2.0, =1.0-beta-1, =4.18 - com.boxuk.jenkins:jslint =0.7.4 and more Source cves: CVE-2014-9634 Source advisory: OSV:GHSA-G7CF-WG27-QW87...