EUVD-2025-204227

Insertion of Sensitive Information Into Sent Data vulnerability in WPCenter eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through = 1.5.6...

Use of Hard-coded Cryptographic Key

Overview arcade-mcp is an Arcade.dev - Tool Calling platform for Agents Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key via the HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. An...

WordPress plugin eRoom 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-11760

CVE-2025-11760 affects the WordPress plugin “eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams” through version 1.5.6. The root cause is exposure of the Zoom SDK secret keys in client-side JavaScript in the meeting view template, enabling unauthenticated attackers to extract...

CVE-2025-11760 eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

EUVD-2025-35900

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

PT-2025-43694

Name of the Vulnerable Software and Affected Versions eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6 Description The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...

EUVD-2023-42214

Malicious code in bioql PyPI...

EUVD-2023-41821

Malicious code in bioql PyPI...

WordPress Myour Theme <= 1.5.6 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh in WordPress Theme Myour versions = 1.5.6...

CVE-2025-53326

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodeYatri Gutenify gutenify allows PHP Local File Inclusion.This issue affects Gutenify: from n/a through = 1.5.4...

WordPress plugin Gutenify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-8723

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hookrestpredispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...

CVE-2025-8723

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hookrestpredispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...

CVE-2025-8723

CVE-2025-8723 affects the Cloudflare Image Resizing plugin for WordPress. The vulnerability arises from missing authentication and insufficient sanitization in the hook_rest_pre_dispatch() method, affecting all versions up to and including 1.5.6. This enables unauthenticated attackers to inject a...

WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Form Block versions = 1.5.5...

CVE-2024-1844

The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the importdata and copydata functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated...

CVE-2024-7032

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moodeactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin an...

CVE-2024-51581

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through = 1.5.6...

CVE-2020-13869

An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name...