56 matches found
CVE-2026-6381 WP Maps < 4.9.3 - Subscriber+ Local File Inclusion
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks...
CVE-2025-14718
The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated...
CVE-2025-69361
CVE-2025-69361 is a Missing Authorization issue affecting PublishPress Post Expirator (post-expirator) up to version 4.9.3. Connected data confirms a Broken Access Control vulnerability with the same CVE, reported by Wordfence as patched (Patched) after initial disclosure. The Wordfence entry not...
CVE-2025-69361 WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Expirator: from n/a through <= 4.9.3...
PT-2025-43718
Name of the Vulnerable Software and Affected Versions: Social Feed Gallery plugin for WordPress versions prior to 4.9.3. Description: The Social Feed Gallery plugin for WordPress is susceptible to Information Exposure due to inadequate user authorization verification. This allows unauthenticated...
EUVD-2018-8292
Malware in sbrugna...
EUVD-2005-3072
Malware in sbrugna...
EUVD-2018-6764
Malware in sbrugna...
EUVD-2018-6387
Malware in sbrugna...
EUVD-2018-6385
Malware in sbrugna...
EUVD-2019-6223
Malware in sbrugna...
EUVD-2025-6169
Malicious code in bioql PyPI...
EUVD-2023-2289
Malicious code in bioql PyPI...
DoS (Denial of Service) commons-fileupload:commons-fileupload Dependency in Crucible Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 4.9.0 of Crucible Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...
WordPress Gwolle Guestbook plugin <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting via `gwolle_gb_content` Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via `gwolle_gb_content` Parameter vulnerability discovered by zer0gh0st in WordPress Plugin Gwolle Guestbook versions <= 4.9.2...
PT-2025-27091 · WordPress · Aharonyan Wp Front Editor +1
Name of the Vulnerable Software and Affected Versions: aharonyan WP Front User Submit / Front Editor versions through 4.9.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in...
CVE-2023-32122
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions...
CVE-2025-47617
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Stored XSS. This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6...
CVE-2025-39453
Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Cross Site Request Forgery. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through <= 4.9.3...