60 matches found
EUVD-2021-23699
Malware in sbrugna...
EUVD-2024-50070
Malicious code in bioql PyPI...
EUVD-2025-1530
Malicious code in bioql PyPI...
EUVD-2024-54062
Malicious code in bioql PyPI...
EUVD-2025-5899
Malicious code in bioql PyPI...
EUVD-2024-54112
Malicious code in bioql PyPI...
EUVD-2024-54127
Malicious code in bioql PyPI...
EUVD-2025-22398
Malicious code in bioql PyPI...
EUVD-2025-12129
Malicious code in bioql PyPI...
EUVD-2025-21206
Malicious code in bioql PyPI...
EUVD-2025-13394
Malicious code in bioql PyPI...
EUVD-2025-13654
Malicious code in bioql PyPI...
EUVD-2025-10412
Malicious code in bioql PyPI...
EUVD-2025-12128
Malicious code in bioql PyPI...
CVE-2025-7722
The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the updateusermeta function. This makes it possible for...
CVE-2025-4606
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it...
PT-2025-28838 · Unknown · Sala - Startup & SaaS WordPress Theme
Name of the Vulnerable Software and Affected Versions: Sala - Startup & SaaS WordPress Theme versions prior to 1.1.5. Description: The issue arises from the theme's failure to properly validate a user's identity before updating their details, such as the password. This allows unauthenticated...
CVE-2025-3848
The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 1.1.0 to 2.7.13. This is due to the plugin not properly validating a user's identity prior to updating their email through the update...
CVE-2025-3848
The WP SmartPay WordPress plugin (versions 1.1.0–2.7.13) is vulnerable to privilege escalation via account takeover due to improper validation in the update() function. An authenticated user with Subscriber level or higher can change arbitrary users’ emails (including admins) and then reset passw...