CVE-2025-13696

The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization checks to verify ownership or access rights. Th...

GHSA-V6VV-HHQC-6HH2 Malicious Package in pyramid-proportion

Version 1.0.5 of pyramid-proportion contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

GHSA-4RX9-58M7-GR8W Malicious Package in css_transform_step

Version 1.0.6 of csstransformstep contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.6 of this module is found installed you...

Malicious Package

Overview Version 1.0.2 of csstransformsupport contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found...

PT-2010-2537 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 7 Description: The issue allows remote attackers to obtain sensitive form information via a crafted web site by simulating user interaction with the AutoComplete feature. An attacker could exploi...