18 matches found
EUVD-2019-6182
Malware in sbrugna...
EUVD-2025-16548
Malicious code in bioql PyPI...
EUVD-2025-5122
Malicious code in bioql PyPI...
EUVD-2025-14372
Malicious code in bioql PyPI...
EUVD-2025-16545
Malicious code in bioql PyPI...
EUVD-2021-34171
Malicious code in bioql PyPI...
WordPress Hydra Booking plugin 1.1.0-1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Hydra Booking versions 1.1.0-1.1.18...
WordPress WP Human Resource Management plugin 2.0.0-2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Employee+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin WP Human Resource Management versions 2.0.0-2.2.17...
CVE-2025-5953
The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajaxinsertemployee and updateempoyee functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via...
WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Bonds in WordPress Plugin Service Finder Booking versions <= 6.1...
CVE-2025-5953
The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajaxinsertemployee and updateempoyee functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via...
CVE-2025-32281
CVE-2025-32281 affects the WordPress plugin WPKit For Elementor, version
WordPress WPKit For Elementor plugin <= 1.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WPKit For Elementor versions <= 1.1.0...
CVE-2025-4631
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktendobject endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the saveobjectasuser function for objects whose 'datatype' is set to 'users'. This allows...
WordPress WP-GeoMeta plugin 0.3.4-0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function vulnerability discovered by kr0d in WordPress Plugin WP-GeoMeta versions 0.3.4-0.3.5...
WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Email Notifications for Updates versions <= 1.1.6...
CVE-2025-2075
The CVE concerns the WordPress plugin Uncanny Automator (versions up to and including 6.3.0.2). The root cause is missing capability checks in add_role() and user_role() performed through validate_rest_call(), enabling privilege escalation to administrator. Attackers with an active account can el...
CVE-2024-11443 de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update
The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debrandingsave function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with...