CVE-2023-40558

Cross-Site Request Forgery CSRF vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin = 3.3.5 versions...

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via content Parameter vulnerability discovered by lowol in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.5...

PT-2025-52584

Name of the Vulnerable Software and Affected Versions ELEX WordPress HelpDesk & Customer Ticketing System versions prior to 3.3.5 Description The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient inp...

EUVD-2025-35435

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Workreap theme's plugin workreap allows Path Traversal.This issue affects Workreap theme's plugin: from n/a through = 3.3.5...

CVE-2025-59566

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Workreap theme's plugin workreap allows Path Traversal.This issue affects Workreap theme's plugin: from n/a through = 3.3.5...

CVE-2025-59566 WordPress Workreap (theme's plugin) plugin <= 3.3.5 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Workreap theme's plugin workreap allows Path Traversal.This issue affects Workreap theme's plugin: from n/a through = 3.3.5...

WordPress plugin Workreap 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2020-13576

Malware in sbrugna...

EUVD-2025-7947

Malicious code in bioql PyPI...

EUVD-2024-44069

Malicious code in bioql PyPI...

EUVD-2024-36500

Malicious code in bioql PyPI...

EUVD-2025-25429

Malicious code in bioql PyPI...

CVE-2025-8895

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

CVE-2025-8895

CVE-2025-8895 affects the WP Webhooks plugin for WordPress. It allows unauthenticated arbitrary file copy due to missing input validation in all versions up to and including 3.3.5, enabling access to sensitive files (e.g., wp-config.php) and database credentials. The vulnerability is rated critic...

CVE-2025-8895 WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

CVE-2025-8895 WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

WordPress plugin WP Webhooks 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

CVE-2023-33181

Xibo is a content management system CMS. Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to...

CVE-2023-33180

Xibo is a content management system CMS. An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the /display/map API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted valu...

CVE-2025-30552

Cross-Site Request Forgery CSRF vulnerability in Donald Gilbert WordPress Admin Bar Improved wordpress-admin-bar-improved allows Stored XSS.This issue affects WordPress Admin Bar Improved: from n/a through = 3.3.5...