6 matches found
EUVD-2026-19823
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...
EUVD-2022-24549
Malicious code in bioql PyPI...
CVE-2022-1209
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1...
Input validation
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1...
PT-2022-13713 · WordPress · Ultimate Member
Name of the Vulnerable Software and Affected Versions: The Ultimate Member plugin for WordPress versions up to, and including, 2.3.1
Description: The issue is related to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page. This makes it...
Ultimate Member < 2.3.2 - Open Redirect
The plugin is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims...