99 matches found
PT-2025-51199
The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin WP Admin Microblog Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
EUVD-2025-38144
Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing. This issue affects All In One Login: from n/a through <= 2.0.8...
EUVD-2019-1784
Malware in sbrugna...
EUVD-2017-7232
Malware in sbrugna...
EUVD-2013-3414
Malware in sbrugna...
EUVD-2021-11263
Malware in sbrugna...
EUVD-2015-5074
Malware in sbrugna...
EUVD-2017-15633
Malware in sbrugna...
EUVD-2017-15162
Malware in sbrugna...
EUVD-2019-1727
Malware in sbrugna...
EUVD-2025-15242
Malicious code in bioql PyPI...
EUVD-2023-33832
Malicious code in bioql PyPI...
EUVD-2025-7969
Malicious code in bioql PyPI...
CVE-2025-48325
Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme wp-admin-theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through <= 1.0...
CVE-2025-48325
CVE-2025-48325 is a CSRF vulnerability in the WordPress plugin/theme “WP Admin Theme” (shmish111) that also enables Stored XSS. Affected versions are from n/a through 1.0. The issue arises from a Cross-Site Request Forgery flaw that, when exploited, can lead to stored XSS in the WP Admin Theme co...
PT-2025-35013
Name of the Vulnerable Software and Affected Versions: shmish111 WP Admin Theme versions n/a through 1.0. Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in shmish111 WP Admin Theme, which also allows Stored Cross-Site Scripting (XSS). Recommendations: At the moment, there is no...
Linux Distros Unpatched Vulnerability : CVE-2017-14725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. CVE-2017-14725 Note that...
CVE-2023-3170
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVE-2022-2395
The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...