EUVD-2008-6575

Malware in sbrugna...

EUVD-2011-4868

Malware in sbrugna...

EUVD-2017-16470

Malware in sbrugna...

CVE-2025-3584

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-4634

The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem...

CVE-2024-6798 DL Verification <= 1.2 - Admin+ Stored XSS

The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13729 Podlove Podcast Publisher < 4.1.24 - Admin+ Stored XSS

The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-11859 DLL Search Order Hijacking in ESET products for Windows

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code...

PT-2023-15428 · WordPress · Wp-Cors

Name of the Vulnerable Software and Affected Versions: Tim Stephenson WP-CORS plugin versions 0.2.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Tim Stephenson WP-CORS...