27 matches found
EUVD-2025-19711
Malicious code in bioql PyPI...
EUVD-2025-24224
Malicious code in bioql PyPI...
WordPress BerqWP plugin <= 2.2.42 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin BerqWP versions <= 2.2.42...
CVE-2015-10135 WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may...
CVE-2025-7340
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the tempfileupload function in all versions up to, and including, 2.2.1. This makes it possible for...
WordPress WPBookit plugin <= 1.0.4 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by stealthcopter in WordPress Plugin WPBookit versions <= 1.0.4...
WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Ryan Kozak Patchstack Bug Bounty Program in WordPress Plugin AiBud WP versions <= 1.9...
WordPress Aviation Weather from NOAA plugin <= 0.7.2 - Arbitrary File Deletion Vulnerability
Arbitrary File Deletion Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Aviation Weather from NOAA versions <= 0.7.2...
WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin File Manager Plugin For Wordpress versions <= 7.5...
WordPress WP VR plugin <= 8.5.26 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP VR versions <= 8.5.26...
WordPress CLEVER plugin <= 2.6 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin CLEVER versions <= 2.6...
CVE-2025-4800
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the stmlmsaddassignmentattachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2022-2314
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...
CVE-2025-2802
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Barcode Generator for WooCommerce versions <= 2.0.4...
WordPress Print Science Designer plugin <= 1.3.155 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Print Science Designer versions <= 1.3.155...
CVE-2025-1510 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution
The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...
CVE-2025-1509
CVE-2025-1509 is a vulnerability in the Show Me The Cookies WordPress plugin (versions up to 1.0) that enables unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode. This can allow an attacker to run arbitrary shortcodes on affected sites. The Wordfence a...
CVE-2025-1028
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...
CVE-2023-4238 Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload
The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...