EUVD-2024-32884

Malicious code in bioql PyPI...

EUVD-2024-27135

Malicious code in bioql PyPI...

EUVD-2024-27683

Malicious code in bioql PyPI...

CVE-2025-2537

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2020-36666

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...

CVE-2024-5878

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library version 2.1.5 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-5878 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library version 2.1.5 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-13420

CVE-2024-13420 is documented as a vulnerability in the WordPress ecosystem where the Smart Framework family (Beyot Framework, Benaa Framework, Auteur Framework, April Framework) suffers from missing authorization checks on AJAX actions (e.g., gsf_reset_section_options, gsf_create_preset_options)....

CVE-2024-13420 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsfresetsectionoptions', 'gsfresetsectionoptions', 'gsfcreatepresetoptions' and more in various versions. This makes it possible for authenticated...

CVE-2024-13410

The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajaxhandler' function. This makes it possible for...

CVE-2022-4157

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...