EUVD-2025-11740

Malicious code in bioql PyPI...

EUVD-2025-17530

Malicious code in bioql PyPI...

CVE-2025-48130

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal.This issue affects Spice Blocks: from n/a through = 2.0.7.4...

CVE-2025-48130

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal.This issue affects Spice Blocks: from n/a through = 2.0.7.4...

CVE-2025-48130 WordPress Spice Blocks <= 2.0.7.2 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2...

CVE-2025-48130 WordPress Spice Blocks plugin <= 2.0.7.4 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal.This issue affects Spice Blocks: from n/a through = 2.0.7.4...

CVE-2025-48130

CVE-2025-48130 affects Spice Blocks (WordPress Spice Blocks) with an improper pathname limitation to a restricted directory, enabling path traversal for Spice Blocks versions up to 2.0.7.2. The connected data confirms the vulnerability type and affected versions, but no explicit exploitation stat...

WordPress plugin Spice Blocks 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

PT-2025-24516 · Spicethemes · Spice Blocks

Name of the Vulnerable Software and Affected Versions: spicethemes Spice Blocks versions n/a through 2.0.7.2 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in spicethemes Spice...

CVE-2025-39532

Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through = 2.0.7.7...

CVE-2025-39532

Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through = 2.0.7.7...

CVE-2025-39532 WordPress Spice Blocks <= 2.0.7.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in spicethemes Spice Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spice Blocks: from n/a through 2.0.7.1...

CVE-2025-39532 WordPress Spice Blocks plugin <= 2.0.7.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through = 2.0.7.7...

CVE-2025-39532

CVE-2025-39532 affects Spice Blocks (spicethemes) up to version 2.0.7.1. Root cause: Missing Authorization due to incorrectly configured access control. Impact per metrics: high (CVSS 3.1 base 7.5) with potential network exposure and no user interaction required; integrity impact HIGH. Connected ...

WordPress plugin Spice Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-17174 · Spicethemes · Spice Blocks

Name of the Vulnerable Software and Affected Versions: spicethemes Spice Blocks versions 2.0.7.1 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For version...

WordPress Spice Blocks Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Spice Blocks Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID eed12859a044 Credits Rafie Muhammad Patchstack Required...