43 matches found

GithubExploit
added 2026/03/12 11:0 a.m., 172 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Really-Simple-Plugins Really_Simple_Security

CVE-2024-10924 — WordPress Auth Bypass Toolkit Really Sim...

9.8 CVSS, 5.6 AI score, 0.93889 EPSS
Exploits: 21

RedhatCVE
added 2026/01/09 10:34 a.m., 5 views

CVE-2017-18499

The simple-membership plugin before 3.5.7 for WordPress has XSS...

6.1 CVSS, 7.1 AI score, 0.0023 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/11/12 6:59 a.m., 6 views

CVE-2025-11237

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

5.3 CVSS, 6.8 AI score, 0.00012 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2010-5066

Malware in sbrugna...

6.5 CVSS, 6.1 AI score, 0.00302 EPSS
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-8257

Malware in sbrugna...

8.8 CVSS, 8.6 AI score, 0.0343 EPSS
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-5746

Malware in sbrugna...

2.6 CVSS, 6.1 AI score, 0.00649 EPSS
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-1761

Malware in sbrugna...

6.5 CVSS, 6.4 AI score, 0.00415 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-44034

Malicious code in bioql PyPI...

9.6 CVSS, 6.4 AI score, 0.00363 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-27567

Malicious code in bioql PyPI...

6.4 CVSS, 6.4 AI score, 0.00233 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-51615

Malicious code in bioql PyPI...

6.4 CVSS, 8.7 AI score, 0.00205 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-51594

Malicious code in bioql PyPI...

6.5 CVSS, 6.5 AI score, 0.00562 EPSS
Exploits: 2, References: 1

Positive Technologies
added 2025/07/16 12:0 a.m., 4 views

PT-2025-29793 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: designthemes Visual Art | Gallery WordPress Theme versions through 2.4 Description: The designthemes Visual Art | Gallery WordPress Theme contains a flaw due to deserialization of untrusted data, allowing for object injection. Recommendations...

8.8 CVSS, 6.4 AI score, 0.00336 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/07/05 10:19 p.m., 4 views

CVE-2025-5322

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the doupdatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

7.2 CVSS, 7.3 AI score, 0.02641 EPSS
Exploits: 0, References: 1

The Hacker News
added 2025/05/29 5:34 a.m., 31 views

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to all...

10 CVSS, 8 AI score, 0.33418 EPSS
Exploits: 2

RedhatCVE
added 2025/05/23 9:27 a.m., 1 views

CVE-2024-5156

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:20 a.m., 6 views

CVE-2024-8627

The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:32 a.m., 3 views

CVE-2023-5577

The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4 CVSS, 5.8 AI score, 0.00203 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:31 a.m., 3 views

CVE-2023-6708

The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it...

5.4 CVSS, 6.1 AI score, 0.00162 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:51 p.m., 7 views

CVE-2021-34639

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated Author+ users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions...

8.8 CVSS, 6.6 AI score, 0.00252 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:21 p.m., 6 views

CVE-2021-24253

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to...

8.8 CVSS, 6.8 AI score, 0.01964 EPSS
Exploits: 2, References: 1