581 matches found
EUVD-2023-59047
Malicious code in bioql PyPI...
EUVD-2021-34631
Malicious code in bioql PyPI...
EUVD-2024-32290
Malicious code in bioql PyPI...
EUVD-2023-44602
Malicious code in bioql PyPI...
EUVD-2024-54556
Malicious code in bioql PyPI...
EUVD-2022-15417
Malicious code in bioql PyPI...
How to Find Local File Inclusion (LFI) Vulnerabilities in WordPress Plugins and Themes
Local File Inclusion LFI occurs when user-controlled input is used to build a path to a file that is then included by the application. In WordPress and PHP web applications in general, this means values from $GET, $POST, $REQUEST, or other user-controlled sources end up in the include, require,...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 8, 2025 to September 14, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 18, 2025 to August 24, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
CVE-2025-0951
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
CVE-2025-0951
Summary of CVE-2025-0951 (LiquidThemes for WordPress): The issue arises from a missing capability check in the liquid_reset_wordpress_before AJAX path across LiquidThemes plugins/themes, enabling authenticated attackers with Subscriber-level access and above to deactivate all plugins. The root ca...
CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 11, 2025 to August 17, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
CVE-2025-0818
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...
CVE-2025-8047 Multiple Plugins from itayamar - Supply Chain Compromise
The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license thtough v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert...
CVE-2025-8047
CVE-2025-8047 pertains to a supply‑chain compromise affecting WordPress plugins Disable-right-click-powered-by-pixterme (through v1.2) and Pixter-Image-Digital-License (through v1.0). The plugins load a compromised JavaScript file from an abandoned S3 bucket, enabling an attacker‑controlled backd...
CVE-2025-0818
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...
CVE-2025-0818
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...