EUVD-2023-23487

Malicious code in bioql PyPI...

CVE-2025-8420

Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emdformbuilderlitepagenum function. This is due to the plugin not properly validating user input before using it as a function name. This...

WordPress Request a Quote Form plugin <= 2.5.2 - Unauthenticated Limited Remote Code Execution vulnerability

Unauthenticated Limited Remote Code Execution vulnerability discovered by mikemyers in WordPress Plugin Request a Quote versions = 2.5.2...

CVE-2025-4689

The CVE-2025-4689 entry concerns Ads Pro Plugin for WordPress (Advertising Manager). The connected sources confirm a vulnerability chain: an unauthenticated Local File Inclusion (LFI) that can lead to Remote Code Execution (RCE), triggered by a prior SQL Injection, within all versions up to 4.89....

CVE-2019-15324

The ad-inserter plugin before 2.4.22 for WordPress has remote code execution...

CVE-2025-3776 Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution

The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvrajaxhandler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for...

CVE-2024-56278

CVE-2024-56278: Improper generation of code (Code Injection) in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion. Affected: WP Ultimate Exporter versions from n/a to 2.9.1. CVSSv3.1 base score 9.1 (CRITICAL); vectors: Network, Privileges Required HIGH, User Interaction NONE, Scop...