Lucene search
8321 matches found

RedhatCVE
added 2025/02/05 12:29 p.m. · 11 views

CVE-2024-43315

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout. This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1...

CVSS 7.5 · AI score 6.8 · EPSS 0.00431
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 9:35 a.m. · 12 views

CVE-2024-30551

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Toast Plugins Sticky Anything. This issue affects Sticky Anything: from n/a through 2.1.5...

CVSS 7.1 · AI score 8.6 · EPSS 0.00334
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 9:24 a.m. · 8 views

CVE-2024-30427

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS. This issue affects Spiffy Calendar: from n/a through 4.9.7...

CVSS 7.1 · AI score 8.6 · EPSS 0.00414
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 6:00 a.m. · 4 views

CVE-2024-49691

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW woo-product-filter allows SQL Injection. This issue affects Product Filter by WBW: from n/a through = 2.7.0...

CVSS 7.6 · AI score 5.9 · EPSS 0.00406
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 5:40 a.m. · 7 views

CVE-2024-49308

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Toast Plugins Animator scroll-triggered-animations allows Reflected XSS. This issue affects Animator: from n/a through = 3.0.15...

CVSS 7.1 · AI score 5.9 · EPSS 0.00259
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 5:07 a.m. · 2 views

CVE-2024-10633

The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...

CVSS 7.3 · AI score 7.6 · EPSS 0.0054
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 5:05 a.m. · 8 views

CVE-2024-10097

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...

CVSS 8.1 · AI score 7.1 · EPSS 0.00666
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 3:25 a.m. · 7 views

CVE-2024-51634

Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Webriti Custom Login webriti-custom-login-page allows Reflected XSS. This issue affects Webriti Custom Login: from n/a through = 0.3...

CVSS 7.1 · AI score 5.9 · EPSS 0.00194
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 3:13 a.m. · 6 views

CVE-2024-51657

Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs smartlink-dinamic-urls allows Stored XSS. This issue affects SmartLink Dynamic URLs: from n/a through = 1.1.0...

CVSS 7.1 · AI score 5.9 · EPSS 0.00206
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:51 a.m. · 4 views

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

CVSS 10 · AI score 7.1 · EPSS 0.01011
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:41 a.m. · 4 views

CVE-2024-33646

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS). This issue affects Sticky Anything: from n/a through 2.1.5...

CVSS 7.1 · AI score 5.1 · EPSS 0.00185
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:18 a.m. · 9 views

CVE-2024-24842

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2...

CVSS 8.7 · AI score 8.6 · EPSS 0.00465
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/04 10:47 p.m. · 4 views

CVE-2024-44018

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in istmoplugins Instant Chat Floating Button for WordPress Websites instant-chat-wp allows PHP Local File Inclusion. This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through =...

CVSS 7.5 · AI score 5.9 · EPSS 0.00511
Exploits: 0 · References: 1

CNNVD
added 2025/02/04 12:00 a.m. · 3 views

Discourse Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that stems from the fact that the activity stream in a user's profile page may be...

CVSS 5.4 · AI score 5.8 · EPSS 0.00257
Exploits: 0 · References: 2

Tenable Nessus
added 2025/02/04 12:00 a.m. · 9 views

Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2025-2747 (ALAS-2025-2747)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2747 advisory. GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has...

CVSS 9.8 · AI score 7.9 · EPSS 0.01237
Exploits: 0 · References: 8

Positive Technologies
added 2025/02/04 12:00 a.m. · 3 views

PT-2025-2952 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest version of Discourse core
Description: Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in th...

CVSS 4.3 · AI score 6.8 · EPSS 0.00257
Exploits: 0 · References: 5

OSSF Malicious Packages
added 2025/02/03 5:25 p.m. · 2 views

Malicious code in cxf-plugins (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits: 0

OSV
added 2025/02/03 5:25 p.m. · 3 views

MAL-2025-1213 Malicious code in cxf-plugins (npm)

The package communicates with a domain associated with malicious activity...

AI score 7.1
Exploits: 0

OSSF Malicious Packages
added 2025/02/03 4:49 p.m. · 2 views

Malicious code in command-plugins (npm)

AI score 7
Exploits: 0

OSV
added 2025/02/03 4:49 p.m. · 2 views

MAL-2025-817 Malicious code in command-plugins (npm)

AI score 7.1
Exploits: 0