25 matches found
CVE-2025-70129
If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. T...
UBUNTU-CVE-2025-70129
If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. T...
PT-2026-24368
Name of the Vulnerable Software and Affected Versions: PluXml versions 5.8.22 and earlier Description: When the anti-spam captcha functionality is enabled, PluXml generates captcha challenges in a format that can be automatically recognized. This allows automated scripts to bypass the anti-spam...
PluXml Security Vulnerability
PluXml is an open-source, free content management system developed by PluXml. It works without the need for a database. PluXml versions 5.8.22 and earlier have security vulnerabilities. These vulnerabilities stem from the exposure of details related to the anti-spam CAPTCHA function. This could...
CVE-2025-70129
CVE-2025-70129 affects PluXml versions 5.8.22 and earlier, where the anti spam-captcha mechanism can be bypassed. The captcha format is exposed in articles with comments and anti spam-captcha enabled, revealing fields such as capcha-letter, capcha-word, and capcha-token. An automated script can c...
CVE-2025-13973 StickEasy Protected Contact Form <= 1.0.1 - Unauthenticated Information Disclosure
The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...
EUVD-2022-24949
Malicious code in bioql PyPI...
EUVD-2025-11865
Malicious code in bioql PyPI...
CVE-2022-1663
The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request...
CVE-2025-30357
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator...
CVE-2025-30357 NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator...
CVE-2025-30357
CVE-2025-30357 affects NamelessMC forum software. In versions ≤ 2.1.4, a malicious user posting spam across topics could trigger deletion of that user by an admin, which would cause all that user’s posts (and in turn related topics by unrelated users) to be marked as deleted. The issue has been p...
PT-2025-17310 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions 2.1.4 and prior Description: The issue arises when a malicious user leaves spam comments on many topics. If an administrator deletes the malicious user's account, all their posts along with the associated topics by unrelat...
CVE-2022-1663
CVE-2022-1663 describes an information-disclosure/credential-bypass issue in the WordPress Stop Spam Comments plugin (versions ≤ 0.2.1.2). The vulnerability stems from improper generation of the Javascript access token (ssc_key) intended to prevent abuse of the comment section, allowing an attack...