85 matches found
EUVD-2024-43967
Malicious code in bioql PyPI...
EUVD-2024-16247
Malicious code in bioql PyPI...
EUVD-2024-27490
Malicious code in bioql PyPI...
EUVD-2025-6718
Malicious code in bioql PyPI...
EUVD-2024-17328
Malicious code in bioql PyPI...
WordPress plugin ThemeMove Core 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Booster for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Booster for WooCommerce Plugin that stems from a lack of file type validation in the addfilestoorder function, which can be...
CVE-2025-8213
The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscanajaxquarantine' and 'nscanquarantineselect' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated...
CVE-2025-5240
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-27597 · WordPress · Magic Buttons For Elementor
Name of the Vulnerable Software and Affected Versions: Magic Buttons for Elementor plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
CVE-2025-53260
Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...
CVE-2025-6061
The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-4585
CVE-2025-4585 - The IRM Newsroom WordPress plugin (versions
CVE-2025-48124 WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Path Traversal.This issue affects Spreadsheet...
CVE-2025-4857 Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion
The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server,...
CVE-2025-4103 WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpajaxwpgmstartgeojsonimport function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...
CVE-2025-4683
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...
CVE-2024-8662
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8432
The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveappearance function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers...
CVE-2024-0897
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...