EUVD-2024-33438

Malicious code in bioql PyPI...

CVE-2025-6755 Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter

The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths such a...

CVE-2024-7888

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like exportforms, importforms, updatefboptions, and many more in all versions up to, and including, 3.1.7. This make...

CVE-2023-2189

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

Remote code execution

The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...

CVE-2023-1024 WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps...