CVE-2025-11866
The CVE-2025-11866 entry concerns the WordPress Photographers galleries plugin (versions
EUVD-2025-35342
The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...
CVE-2025-10406
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...
CVE-2025-8561
The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-10406 BlindMatrix e-Commerce < 3.1 - Contributor+ LFI
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...
EUVD-2025-34519
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...
CVE-2025-10406
CVE-2025-10406 affects the BlindMatrix e-Commerce WordPress plugin. The vulnerability arises from unvalidated shortcode attributes that are used to build file includes, enabling Local File Inclusion (LFI) when exploited by authenticated users (e.g., contributors). The issue is triggered by genera...
PT-2025-42229
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...
EUVD-2021-11380
Malware in sbrugna...
EUVD-2018-20769
Malware in sbrugna...
CVE-2025-9876
The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2022-51879
Malicious code in bioql PyPI...
EUVD-2023-12180
Malicious code in bioql PyPI...
EUVD-2022-51886
Malicious code in bioql PyPI...
EUVD-2023-12175
Malicious code in bioql PyPI...
EUVD-2022-52006
Malicious code in bioql PyPI...
EUVD-2022-52028
Malicious code in bioql PyPI...
EUVD-2023-54369
Malicious code in bioql PyPI...