EUVD-2025-10577

Malicious code in bioql PyPI...

CVE-2023-50902

Cross-Site Request Forgery CSRF vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1...

CVE-2025-26974

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection.This issue affects WP Multistore Locator: from n/a through = 2.5.1...

Ultimate Member < 2.5.1 - Admin+ LFI via Traversal

The plugin does not validate and sanitize the pack parameter before using it in an include statement, which could allow high privilege users to perform local file inclusion attacks via a Traversal vector...