
15 matches found

CVE
added 2026/02/19 4:36 a.m. · 11 views

CVE-2025-13732

CVE-2025-13732 concerns the WordPress plugin s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (versions through 251005). The issue is a Stored Cross-Site Scripting flaw via the shortcode parameter s2Eot, caused by insufficient input sa...

6.4 CVSS · 5.7 AI score · 0.00308 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-11518

Malware in sbrugna...

8.8 CVSS · 8.6 AI score · 0.01292 EPSS
Exploits 2 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-11326

Malware in sbrugna...

5.4 CVSS · 5.5 AI score · 0.00604 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-49815

Malicious code in bioql PyPI...

6.5 CVSS · 8.7 AI score · 0.00409 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-31793

Malicious code in bioql PyPI...

6.4 CVSS · 6.4 AI score · 0.00267 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-31930

Malicious code in bioql PyPI...

5.4 CVSS · 6.4 AI score · 0.00449 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-27259

Malicious code in bioql PyPI...

6.4 CVSS · 8.8 AI score · 0.00328 EPSS
Exploits 0 · References 2

CVE
added 2025/06/13 1:47 a.m. · 48 views

CVE-2025-4585

CVE-2025-4585 - The IRM Newsroom WordPress plugin (versions

6.4 CVSS · 6.1 AI score · 0.002 EPSS
Exploits 0 · References 3 · Affected Software 1

RedhatCVE
added 2025/05/22 10:11 p.m. · 5 views

CVE-2022-1683

The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection that is exploitable by any authenticated user, not just Author+ as the original advisory mentions, due to the fact that they ca...

8.8 CVSS · 7.4 AI score · 0.0151 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 7:22 p.m. · 4 views

CVE-2021-24606

The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+...

8.8 CVSS · 7.9 AI score · 0.01292 EPSS
Exploits 2 · References 1

Positive Technologies
added 2025/01/23 12:0 a.m. · 2 views

PT-2025-2226 · WordPress · Bmlt Meeting Map

Name of the Vulnerable Software and Affected Versions: BMLT Meeting Map plugin for WordPress versions up to, and including, 2.6.0
Description: The issue allows authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server via the bmlt meeti...

8.8 CVSS · 7.9 AI score · 0.00705 EPSS
Exploits 0 · References 9

Positive Technologies
added 2024/11/28 12:0 a.m. · 3 views

PT-2024-16540 · WordPress · The Restaurant & Cafe Addon For Elementor

Name of the Vulnerable Software and Affected Versions: The Restaurant & Cafe Addon for Elementor plugin for WordPress versions up to, and including, 1.5.9
Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...

4.3 CVSS · 9.2 AI score · 0.00377 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/10/31 12:0 a.m. · 4 views

PT-2023-32098 · WordPress · Information Reel

Name of the Vulnerable Software and Affected Versions: Information Reel plugin for WordPress versions up to, and including, 10.0
Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the plugin's...

8.8 CVSS · 6.9 AI score · 0.00797 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/10/19 12:0 a.m. · 2 views

PT-2023-32214

Name of the Vulnerable Software and Affected Versions: The Super Testimonials plugin for WordPress versions up to, and including, 2.9
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS · 5.5 AI score · 0.00448 EPSS
Exploits 0 · References 9

CNNVD
added 2021/09/27 12:0 a.m. · 4 views

WordPress plugin cross-site scripting vulnerability

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin PostX, which stems from versions of the PostX Gutenberg Blocks for Post Grid WordPress plugin prior to 2.4.10 that enable the Saved Templates Addon, which allow...

5.4 CVSS · 5.6 AI score · 0.00517 EPSS
Exploits 1 · References 2