EUVD-2023-29880

Malicious code in bioql PyPI...

EUVD-2025-13815

Malicious code in bioql PyPI...

EUVD-2024-32505

Malicious code in bioql PyPI...

EUVD-2024-31762

Malicious code in bioql PyPI...

WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 6.4.8 - Authenticated (Author+) SQL Injection vulnerability

Authenticated Author+ SQL Injection vulnerability discovered by Kenneth Billones in WordPress Plugin Filebird versions = 6.4.8...

WordPress Medical Addon for Elementor plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Typewriter Widget vulnerability discovered by zer0gh0st in WordPress Plugin Medical Addon for Elementor versions = 1.6.3...

WordPress Blockspare plugin <= 3.2.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Image Slider Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Carousel and Image Slider Widgets vulnerability discovered by Webbernaut in WordPress Plugin Blockspare versions = 3.2.13.1...

WordPress Sina Extension for Elementor plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Sina Posts, Sina Blog Post and Sina Table Widgets vulnerability discovered by stealthcopter in WordPress Plugin Sina Extension for Elementor versions = 3.7.0...

WordPress DELUCKS SEO Plugin <= 2.6.0 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin DELUCKS SEO versions = 2.6.0...

WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

WordPress Universal Video Player - Addon for WPBakery Page Builder = 3.2.1 - Cross Site Scripting XSS Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Universal Video Player - Addon for WPBakery Page Builder versions = 3.2.1...

WordPress Jobmonster Theme <= 4.7.8 is vulnerable to Cross Site Scripting (XSS)

Software Jobmonster Type Theme Vulnerable versions = 4.7.8 Fixed in 4.7.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-53201 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 24486db3ae4e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ReachShip WooCommerce Multi-Carrier & Conditional Shipping versions = 4.3.1...

WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function vulnerability

Unauthenticated PHP Object Injection via verifyfieldval Function vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.2.3...

WordPress Attachment Manager plugin <= 2.1.2 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Attachment Manager versions = 2.1.2...

WordPress School Management System plugin <= 93.1.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update vulnerability

Authenticated Subscriber+ Local File Inclusion to Privilege Escalation via Password Update vulnerability discovered by Thái An in WordPress Plugin School Management versions = 93.1.0...

WordPress Apollo - Sticky Full Width HTML5 Audio Player <= 3.4 - Cross Site Scripting (XSS) Vulnerability

WordPress Apollo - Sticky Full Width HTML5 Audio Player = 3.4 - Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Apollo - Sticky Full Width HTML5 Audio Player versions = 3.4...

WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Webba Booking versions = 5.1.20...

WordPress JetPopup plugin <= 2.0.15 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetPopup versions = 2.0.15...

WordPress Strong Testimonials plugin <= 3.2.11 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Fields vulnerability discovered by ISMAILSHADOW in WordPress Plugin Strong Testimonials versions = 3.2.11...

WordPress Friends plugin <= 3.5.1 - Authenticated (Admin+) PHP Object Injection vulnerability

Authenticated Admin+ PHP Object Injection vulnerability discovered by Pham Nguyen Khoa in WordPress Plugin Friends versions = 3.5.1...