WordPress GEO my WP plugin <= 4.5.5 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin GEO my WordPress versions = 4.5.5...

CVE-2026-23963

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or...

CVE-2026-23962 Mastodon vulnerable to Denial of Service from a single post (client/server)

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

EUVD-2025-202087

Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...

CVE-2025-67559

Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...

CVE-2025-67559

CVE-2025-67559 affects the WordPress plugin “Online Booking & Scheduling Calendar for WordPress by vcita” up to version 4.5.5. The issue is a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control levels, allowing unauthorized actions within th...

CVE-2025-67559 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...

WordPress plugin Online Booking & Scheduling Calendar for WordPress by vcita 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. The WordPress plugin Onli...

CVE-2025-12881

CVE-2025-12881 concerns the WordPress plugin Return Refund and Exchange For WooCommerce (versions up to 4.5.5). It suffers an Insecure Direct Object Reference due to missing validation on a user-controlled key in wps_rma_fetch_order_msgs(), enabling authenticated attackers with Subscriber level a...

PT-2025-47690

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wps rma cancel return request' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...

WordPress plugin Return Refund and Exchange For WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Online Booking & Scheduling Calendar for WordPress by vcita versions = 4.5.5...

EUVD-2007-0786

Malware in sbrugna...

EUVD-2024-33740

Malicious code in bioql PyPI...

CVE-2025-53243

Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through = 4.5...

PT-2025-33717 · WordPress · Nexter Blocks

Name of the Vulnerable Software and Affected Versions: Nexter Blocks versions prior to 4.5.5 Description: The Nexter Blocks plugin for WordPress is susceptible to Stored Cross-Site Scripting XSS via multiple widgets. Insufficient input sanitization and output escaping on user-supplied attributes...

CVE-2025-48279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel Belgium: from 4.5.5 through beta...

WordPress Secure Copy Content Protection and Content Locking plugin <= 4.5.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by astra.r3verii in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.5.5...

ovirt-engine security update

4.5.5-1.21 - Fix external providers properties observability...

PT-2024-31793 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11 Vite versions prior to 4.5.5 Vite versions prior to 5.2.14 Vite versions prior to 5.3.6 Vite versions prior to 5.4.6 Description: A DOM Clobbering vulnerability was discovered in Vite when building scripts to...