84 matches found

Patchstack
added 4 days ago | 7 views

WordPress Google Plus One Bottom plugin <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by swat in WordPress Plugin Google Plus One Bottom versions <= 0.0.2...

CVSS 4.3 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 1 | Affected Software: 1

OSSF Malicious Packages
added 2026/05/05 7:10 p.m. | 5 views

Malicious code in @rivianlabs/bedrock (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d12061e491ebc9109496b77ffd62384bba9a781ac9f0579343a61c5742df351 The package @rivianlabs/bedrock was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

CVE
added 2026/04/15 12:0 a.m. | 3 views

CVE-2024-53412

CVE-2024-53412 describes a command injection in the i/o of NietThijmen ShoppingCart 0.0.2, specifically in the connect function where user-supplied input in the Port field enables arbitrary shell commands and potential remote code execution. The public documentation identifies the vulnerability a...

CVSS 8.4 | AI score 6.6 | EPSS 0.00179
Exploits: 0 | References: 2

CNNVD
added 2026/04/15 12:0 a.m. | 4 views

Shopping Cart security vulnerability

Shopping Cart is an SSH host connection management tool developed by the individual developer Thijmen. Version 0.0.2 of Shopping Cart contains a security vulnerability, which stems from command injection in the connect function. This vulnerability could potentially allow for the execution of arbitra...

CVSS 8.4 | AI score 6.4 | EPSS 0.00179
Exploits: 0 | References: 1

CNNVD
added 2026/02/23 12:0 a.m. | 3 views

Datapizza AI code issue vulnerability

Datapizza AI is an open-source development framework for intelligent agents by Datapizza. Version 0.0.2 of Datapizza AI contains code vulnerabilities. These vulnerabilities stem from incorrect operations on the function RedisCache in the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.p...

CVSS 7.5 | AI score 5.9 | EPSS 0.00035
Exploits: 2 | References: 5

CNNVD
added 2026/02/01 12:0 a.m. | 2 views

initCoders Free Photo & Video Vault path traversal vulnerability

initCoders Free Photo & Video Vault is an album application developed by the Indian company initCoders. Version 0.0.2 of initCoders Free Photo & Video Vault has a path traversal vulnerability, which stems from a directory traversal vulnerability, potentially allowing access to sensitive system...

CVSS 7.1 | AI score 5.8 | EPSS 0.00666
Exploits: 0 | References: 3

RedhatCVE
added 2025/12/11 5:3 a.m. | 5 views

CVE-2025-65512

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

CVSS 7.5 | AI score 6.9 | EPSS 0.00059
Exploits: 1 | References: 1

EUVD
added 2025/12/10 9:31 p.m. | 1 views

EUVD-2025-202592

Cross Site Scripting vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to obtain sensitive information via the login.php component...

AI score 5.6 | EPSS 0.00045
Exploits: 1 | References: 2

NVD
added 2025/12/10 7:16 p.m. | 1 views

CVE-2025-56430

Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the deleteDirectory function...

CVSS 7.5 | EPSS 0.00642
Exploits: 1 | References: 1

CNNVD
added 2025/12/10 12:0 a.m. | 1 views

FearlessCMS security vulnerability

FearlessCMS is a flat file content management system from the individual developers at Fearless Geek Media. A security vulnerability exists in FearlessCMS version v.0.0.2-15, which stems from a directory traversal vulnerability in the plugin-handler.php and filegetcontents functions, which could...

CVSS 7.5 | AI score 6.5 | EPSS 0.00642
Exploits: 1 | References: 2

CNNVD
added 2025/12/10 12:0 a.m. | 2 views

FearlessCMS security vulnerability

FearlessCMS is a flat file content management system from the individual developers at Fearless Geek Media. A security vulnerability exists in FearlessCMS version v.0.0.2-15, which stems from a cross-site scripting vulnerability in the login.php component that could lead to the disclosure of...

CVSS 6.1 | AI score 5.8 | EPSS 0.00045
Exploits: 1 | References: 2

Cvelist
added 2025/12/10 12:0 a.m. | 25 views

CVE-2025-56429

Cross Site Scripting vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to obtain sensitive information via the login.php component...

EPSS 0.00045
Exploits: 1 | References: 1

CNNVD
added 2025/12/10 12:0 a.m. | 3 views

FearlessCMS security vulnerability

FearlessCMS is a flat file content management system from the individual developers at Fearless Geek Media. A security vulnerability exists in FearlessCMS version v.0.0.2-15, which stems from a directory traversal vulnerability in the plugin-handler.php and deleteDirectory functions, which could...

CVSS 7.5 | AI score 6.5 | EPSS 0.00642
Exploits: 1 | References: 2

Cvelist
added 2025/12/10 12:0 a.m. | 26 views

CVE-2025-56430

Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the deleteDirectory function...

EPSS 0.00642
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/06 3:11 a.m. | 3 views

CVE-2025-12582

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'featuresrevertoption' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3 | AI score 5.1 | EPSS 0.00038
Exploits: 0 | References: 1

NVD
added 2025/11/05 3:15 a.m. | 4 views

CVE-2025-12582

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'featuresrevertoption' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3 | EPSS 0.00038
Exploits: 0 | References: 2

Cvelist
added 2025/11/05 2:25 a.m. | 4 views

CVE-2025-12582 Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'featuresrevertoption' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3 | EPSS 0.00038
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/05 12:0 a.m. | 2 views

PT-2025-45065

Name of the Vulnerable Software and Affected Versions: Features plugin for WordPress versions up to and including 0.0.2. Description: The Features plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the features revert option API...

CVSS 4.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 5

CNNVD
added 2025/11/05 12:0 a.m. | 0 views

WordPress plugin Features security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-26660

Malicious code in bioql (PyPI)...

CVSS 7.5 | AI score 6.3 | EPSS 0.00159
Exploits: 0 | References: 3