199 matches found
EUVD-2022-37302
Malicious code in bioql PyPI...
EUVD-2022-42905
Malicious code in bioql PyPI...
EUVD-2023-43996
Malicious code in bioql PyPI...
EUVD-2024-32775
Malicious code in bioql PyPI...
EUVD-2024-48345
Malicious code in bioql PyPI...
EUVD-2023-59252
Malicious code in bioql PyPI...
EUVD-2025-6251
Malicious code in bioql PyPI...
EUVD-2024-16813
Malicious code in bioql PyPI...
EUVD-2025-22048
Malicious code in bioql PyPI...
EUVD-2024-53968
Malicious code in bioql PyPI...
WordPress BitFire plugin <= 4.5 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin BitFire Security versions = 4.5...
PT-2025-30994 · WordPress · Memory Usage
Name of the Vulnerable Software and Affected Versions: Memory Usage plugin for WordPress versions prior to 3.99 Description: The Memory Usage plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing nonce validation in the wpmemory install plugin function. This allows...
CVE-2025-6382
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin’s render method takes the user-supplied name attribute and injects it directly into a tag - both in the id attribute...
CVE-2025-7695 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route
The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...
PT-2025-30228 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.5 through 6.8.2 Description: WordPress versions 3.5 through 6.8.2 are susceptible to a flaw that allows remote attackers to determine the titles of private and draft posts through pingback.ping XML-RPC requests...
CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...
CVE-2025-7035
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mlatagcloud and mlatermlist shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-6719 Terms descriptions <= 3.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting
The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-24779 WordPress Yogi theme <= 2.9.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0...
CVE-2020-36847 Simple File List < 4.2.3 - Remote Code Execution
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the...