155 matches found
WordPress Backup Migration plugin <= 1.4.9 - Information Exposure to Unauthenticated Back-up Download vulnerability
Information Exposure to Unauthenticated Back-up Download vulnerability discovered by ymmfty0 in WordPress Plugin Backup Migration versions = 1.4.9...
CVE-2025-52743
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...
CVE-2025-52743 WordPress oik-privacy-policy plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...
CVE-2025-52743
CVE-2025-52743 describes a Reflected XSS in the WordPress plugin oik-privacy-policy (bobbingwide) with vulnerable versions up to 1.4.9 per the CVE/NVD/Red Hat entries. Public sources also indicate a remediation path: update to a version greater than 1.4.9 (PatchStack references 1.4.10 and beyond)...
CVE-2025-52743 WordPress oik-privacy-policy plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...
EUVD-2020-23212
Malware in sbrugna...
EUVD-2025-26916
Malicious code in bioql PyPI...
EUVD-2023-51759
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-35545
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Time-based SQL injection exists in Spotweb 1.4.9 via the query string. CVE-2020-35545 Note that Nessus relies on the presence of the package as reported by the...
CVE-2025-58861
Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...
CVE-2025-58861
Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...
CVE-2025-58861 WordPress Quick Event Calendar Plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...
CVE-2025-58861
CVE-2025-58861 affects the WordPress plugin Quick Event Calendar (versions n/a–1.4.9). The issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored XSS. CVSS 3.1 base score 7.1 (HIGH) with network attack vector, no privileges required, user interaction required, and impact t...
PT-2025-36200
Name of the Vulnerable Software and Affected Versions: Quick Event Calendar versions n/a through 1.4.9 Description: A Cross-Site Request Forgery CSRF vulnerability exists in WP Corner Quick Event Calendar, which also allows Stored Cross-Site Scripting XSS. Recommendations: Update Quick Event...
Slink 安全漏洞
Slink is a self-hosted image sharing service by the individual developer Andrii Kryvoviaz. A security vulnerability exists in Slink v1.4.9, which stems from the vulnerability of specially crafted SVG uploads to stored cross-site scripting attacks...
CVE-2025-55944
Slink v1.4.9 allows stored cross-site scripting XSS via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users...
CVE-2025-47645
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows SQL Injection.This issue affects ELEX WooCommer...
CVE-2025-47645 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes allows SQL Injection. This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a...
CVE-2025-47645 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows SQL Injection.This issue affects ELEX WooCommer...
WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by astra.r3verii in WordPress Plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions = 1.4.9...