EUVD-2025-203187

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

CVE-2025-12512 GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

CVE-2025-12512 GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

PT-2025-51042

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with current user...

EUVD-2021-11203

Malware in sbrugna...

EUVD-2024-16655

Malicious code in bioql PyPI...

WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability

Subscriber+ User Meta Data Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...

CVE-2024-0872

The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...

CVE-2024-0872 Watu Quiz <= 3.4.1 - Sensitive Information Disclosure

The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...

CVE-2024-0872

CVE-2024-0872 affects the Watu Quiz WordPress plugin. All versions up to 3.4.1 are vulnerable via the watu-userinfo shortcode, allowing authenticated attackers with contributor-level access and above to access sensitive user metadata (including session tokens and emails). The provided documents d...

CVE-2024-0872 Watu Quiz <= 3.4.1 - Sensitive Information Disclosure

The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...

Watu Quiz < 3.4.1.1 - Sensitive Information Disclosure

Description The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta...

CVE-2024-23523 WordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2...

CVE-2024-23523 WordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2...

CVE-2021-24289

Store Locator Plus for WordPress (

CVE-2021-24289 Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation

There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin...

Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation

There is functionality in the plugin that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin. Partially unpatched because they added CSRF protection that technically blocks low-level users from using the endpoint, howeve...