1414 matches found
CVE-2025-10406
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...
CVE-2025-8561
The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-10406 BlindMatrix e-Commerce < 3.1 - Contributor+ LFI
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...
EUVD-2025-34519
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...
CVE-2025-10406
CVE-2025-10406 affects the BlindMatrix e-Commerce WordPress plugin. The vulnerability arises from unvalidated shortcode attributes that are used to build file includes, enabling Local File Inclusion (LFI) when exploited by authenticated users (e.g., contributors). The issue is triggered by genera...
PT-2025-42229
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...
EUVD-2021-11380
Malware in sbrugna...
EUVD-2018-20769
Malware in sbrugna...
CVE-2025-9876
The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2022-51819
Malicious code in bioql PyPI...
EUVD-2023-12263
Malicious code in bioql PyPI...
EUVD-2023-12162
Malicious code in bioql PyPI...
EUVD-2022-51886
Malicious code in bioql PyPI...
EUVD-2022-51913
Malicious code in bioql PyPI...
EUVD-2023-12541
Malicious code in bioql PyPI...
EUVD-2022-51810
Malicious code in bioql PyPI...
EUVD-2023-12235
Malicious code in bioql PyPI...
EUVD-2023-12424
Malicious code in bioql PyPI...