19 matches found
EUVD-2024-50910
Malicious code in bioql PyPI...
EUVD-2024-47158
Malicious code in bioql PyPI...
EUVD-2024-50598
Malicious code in bioql PyPI...
EUVD-2023-12432
Malicious code in bioql PyPI...
EUVD-2022-26880
Malicious code in bioql PyPI...
CVE-2025-5927
The Everest Forms Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteentryfiles function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
CVE-2025-4590
The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisyconuitvaart' shortcode in all versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2023-6065
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...
WordPress Plugin Aeropage Sync for Airtable File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A file upload vulnerability...
CVE-2025-2882
The GreenPaytm by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in th...
PT-2025-15413 · WordPress · Motors – Car Dealership & Classified Listings Plugin
Name of the Vulnerable Software and Affected Versions: Motors – Car Dealership & Classified Listings Plugin versions 1.4.64 and earlier. Description: The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing...
CVE-2024-11087
CVE-2024-11087 relates to the miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon for WordPress. The vulnerability is an authentication bypass introduced by insufficient verification on the user returned by the social login token, allowing unauthenticated attackers...
CVE-2024-0594
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpasgetusers action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-23506
CVE-2025-23506 is a Reflected XSS in the WP IMAP Auth plugin affecting versions up to 4.0.1 (NotFound WP IMAP Auth). The root cause is improper neutralization of input during web page generation. CVSS 3.1 base score 7.1 (HIGH) with NETWORK attacker, no user privileges, and user interaction requir...
WordPress SuperBackup 2.3.3 Shell Upload
WordPress SuperBackup plugin versions 2.3.3 and below suffer from a remote shell upload vulnerability. CVE-2024-56064: WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload. Description: The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file...
CVE-2024-10797
The CVE-2024-10797 entry concerns the WordPress plugin Full Screen Menu for Elementor. Affected: Full Screen Menu for Elementor (WordPress plugin) up to version 1.0.7. Nature: Information Exposure via the Full Screen Menu Elementor Widget, caused by insufficient restrictions on which posts can be...
CVE-2023-27633 WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions...
PT-2023-23823 · WordPress · Web3
Name of the Vulnerable Software and Affected Versions: Web3 – Crypto wallet Login & NFT token gating plugin for WordPress versions up to, and including, 2.6.0. Description: The issue is related to incorrect authentication checking in the hidden form data function, allowing authenticated attackers ...
CVE-2018-14028
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...