15 matches found
PT-2026-35424
https://t.co/5LsebxfRXc CVE-2026-39491 jupiterx-core CVSS Score 6.4 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge...
PT-2026-35427
https://t.co/20W6X2qGPz CVE-2026-39525 booking-activities CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecuri…...
PT-2026-35640
https://t.co/N02Fwt6QgR CVE-2026-39540 shipment-tracker-for-woocommerce CVSS Score 6.4 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresss…...
PT-2026-33764
https://t.co/qQiOmVKRQa CVE-2026-39493 WordPress plugin vulnerability simply-schedule-appointments cybersecurity wordpressfirewall wordpresssecurity hacking wpsecuri…...
PT-2026-33765
https://t.co/4bpvciSJjS CVE-2026-39533 WordPress plugin vulnerability another-wordpress-classifieds-plugin cybersecurity wordpressfirewall wordpresssecurity hack…...
PT-2026-31710
https://t.co/eBFIxW5tzt CVE-2026-25446 WordPress plugin vulnerability wishlist-member-x cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge...
EUVD-2022-51874
Malicious code in bioql PyPI...
EUVD-2022-51871
Malicious code in bioql PyPI...
Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.44 Authorization Bypass
The WordPress Spam protection, Anti-Spam, FireWall by CleanTalk Plugin installed on the remote host is affected by an authorization bypass vulnerability via reverse DNS spoofing. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
CVE-2022-4539
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...
CVE-2022-4536
The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...
CVE-2022-47171
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin = 1.1 versions...
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
alert1" !-- In a real attack, forms can be submitted automatically and spear-phishing attacks can be convincing. Mitigations ================ Disable the plugin until a new version is released that fixes this bug. Disclosure policy ================ dxw believes in responsible disclosure. Your...
WordPress Firewall 2 1.3 Plugin - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications alert1" !-- In a real attack, forms can be submitted automatically and spear-phishing attacks can be convincing. Mitigations ================ Disable the plugin until a new version is released that fixes this bug. Disclosure policy...
WordPress Firewall 2 1.3 Cross Site Request Forgery / Cross Site Scripting
Details ================ Software: WordPress Firewall 2 Version: 1.3 Homepage: https://wordpress.org/plugins/wordpress-firewall-2/ Advisory report: https://security.dxw.com/advisories/csrfstored-xss-in-wordpress-firewall-2-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/ CVE:...