62 matches found
CVE-2022-0884
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
EUVD-2022-40675
Malicious code in bioql PyPI...
EUVD-2024-49799
Malicious code in bioql PyPI...
EUVD-2023-34075
Malicious code in bioql PyPI...
EUVD-2024-51577
Malicious code in bioql PyPI...
EUVD-2024-38185
Malicious code in bioql PyPI...
EUVD-2025-12293
Malicious code in bioql PyPI...
WordPress Porn Videos Embed plugin <= 0.9.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Porn Videos Embed versions <= 0.9.1...
PT-2025-31735 · WordPress · Ultimate Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Elementor versions up to and including 2.4.6 Description: The Ultimate Addons for Elementor plugin for WordPress contains a flaw that allows unauthorized data modification. A missing capability check within the save hfe...
WordPress WP LOL Rotation <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh (Blue Rock) in WordPress Plugin WP LOL Rotation versions <= 1.0...
WordPress Featured Image Plus – Quick & Bulk Edit with Unsplash plugin <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery vulnerability
Authenticated (Admin+) Server-Side Request Forgery vulnerability discovered by ch4r0n in WordPress Plugin Featured Image Plus versions <= 1.6.6...
WordPress WP Post Hide plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Post Hide versions <= 1.0.9...
CVE-2025-7442
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJgmgtdeleteclasslimitformember, MJgmgtgetyearlyincomeexpense, MJgmgtgetmonthlyincomeexpense, MJgmgtaddclasslimit, MJgmgtviewmeetingdetail, and MJgmgtcreatemeeting functio...
WordPress RSFirewall! plugin <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read vulnerability
Authenticated (Admin+) Arbitrary File Read vulnerability discovered by WordFence in WordPress Plugin RSFirewall! versions <= 1.1.42...
WordPress Opal Estate Pro plugin <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' vulnerability
Unauthenticated Privilege Escalation via 'on_regiser_user' vulnerability discovered by Alyudin Nafiie in WordPress Plugin Opal Estate Pro versions <= 1.7.5...
CVE-2025-3863
The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the processwbelpspromoform function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-49971
CVE-2025-49971 concerns a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin eDS Responsive Menu by aThemeArt translations. It affects versions up to 1.2, arising from improper access control configuration. Public references in connected sources confirm the issue ...
WordPress 4stats plugin <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin 4stats versions <= 2.0.9...
CVE-2024-6334
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-12566
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...