16 matches found
Malicious code in bricks-builder-mcp (npm)
Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...
CVE-2026-1398
The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...
CVE-2026-1398
CVE-2026-1398 describes a CSRF vulnerability in the WordPress plugin Change WP URL. The issue arises from missing or incorrect nonce validation on the Change WP URL page, allowing unauthenticated attackers to change the WP Login URL via forged requests if a site administrator clicks a crafted lin...
EUVD-2026-4894
The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...
CVE-2025-10738
CVE-2025-10738 concerns the WordPress URL Shortener Plugin for WordPress. The initial description notes an Unauthenticated SQL Injection via the parameter ‘analytic_id’ in all versions up to and including 3.0.7, due to insufficient escaping and preparation of the SQL query. Connected documents (W...
CVE-2025-28961
CVE-2025-28961 corresponds to a deserialization of untrusted data vulnerability in the WordPress URL Shortener plugin (Md Yeasin Ul Haider) 3.0.7 when available, as stated in the sources. The vulnerability is not described as rejected or reserved in the provided materials.
CVE-2025-28959
CVE-2025-28959 affects the WordPress plugin URL Shortener (versions up to 3.0.7). The issue is an SQL Injection caused by improper neutralization of special SQL elements in the URL Shortener’s queries. CVSS 3.1 base metrics indicate high impact on confidentiality and a critical overall score (9.3...
CVE-2025-28961 WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Object Injection. This issue affects URL Shortener: from n/a through <= 3.0.7...
CVE-2025-28959 WordPress URL Shortener <= 3.0.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows SQL Injection. This issue affects URL Shortener: from n/a through <= 3.0.7...
CVE-2025-28965 WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through <= 3.0.7...
WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin URL Shortener versions <= 3.0.7...
WordPress plugin URL Shortener code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress URL Shortify Plugin <= 1.10.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Malvin Valerian Gultom in WordPress Plugin URL Shortify versions <= 1.10.5.1...
WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)
Software: URL Shortener by MyThemeShop; Type: Plugin; Vulnerable versions: <= 1.0.17; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5802; Patch priority: Low; CVSS severity: Low 5.9; PSID: 171657501903; Credits: Sandeep...
WordPress URL Shortify Plugin < 1.7.4 is vulnerable to Cross Site Scripting (XSS)
Software: URL Shortify; Type: Plugin; Vulnerable versions: < 1.7.4; Fixed in: 1.7.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 9b0133e4c7f5; Credits: Rafie Muhammad Patchstack Required...
WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Broken Access Control
Software: URL Shortener by MyThemeShop; Type: Plugin; Vulnerable versions: <= 1.0.17; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23896; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: e643a0198210; Credits: István Márt...