13 matches found
CVE-2026-1779
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'registermember' function. This makes it possible for unauthenticated attackers to log in a newly registered user ...
EUVD-2023-12819
Malicious code in bioql PyPI...
EUVD-2023-58916
Malicious code in bioql PyPI...
EUVD-2025-12389
Malicious code in bioql PyPI...
CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes
The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-2238
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-2238
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2023-6695
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...
CVE-2023-6695
Beaver Themer (WordPress) is associated with CVE-2023-6695 describing Sensitive Information Exposure via the wpbb shortcode in all versions up to and including 1.4.9. The vulnerability allows authenticated attackers withContributor+ access to extract sensitive data, including arbitrary user_meta ...
CVE-2023-6695 Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...
Beaver Themer < 1.4.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
Description The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including...
User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode
Description The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
Information disclosure
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...