135 matches found
EUVD-2024-50931
Malicious code in bioql PyPI...
EUVD-2025-30545
Malicious code in bioql PyPI...
EUVD-2024-51713
Malicious code in bioql PyPI...
EUVD-2022-34640
Malicious code in bioql PyPI...
WordPress User Avatar - Reloaded plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
WordPress User Avatar - Reloaded plugin = 1.2.2 - Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Avatar - Reloaded versions = 1.2.2...
CVE-2025-58672
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.1.12...
CVE-2025-58673 WordPress WP User Frontend Plugin <= 4.1.12 - Content Injection Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in weDevs WP User Frontend wp-user-frontend allows Code Injection.This issue affects WP User Frontend: from n/a through = 4.1.12...
PT-2025-27844 · WordPress · Wp Human Resource Management
Name of the Vulnerable Software and Affected Versions: WP Human Resource Management plugin for WordPress versions 2.0.0 through 2.2.17 Description: The issue arises from a missing authorization within the ajax delete employee function, allowing authenticated attackers with Employee-level access a...
CVE-2021-24998
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the strshuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...
WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin User Meta versions = 3.1.2...
CVE-2025-39400 WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a...
CVE-2025-27319 WordPress User List plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivan82 User List user-list allows Reflected XSS.This issue affects User List: from n/a through = 1.5.1...
CVE-2025-27319 WordPress User List plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivan82 User List user-list allows Reflected XSS.This issue affects User List: from n/a through = 1.5.1...
PT-2025-16168 · WordPress · User Registration & Membership
Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3 Description: The issue allows unauthenticated attackers to update other users' passwords if they...
CVE-2025-25114 WordPress User Role plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ehabstar User Role user-roles allows Reflected XSS.This issue affects User Role: from n/a through = 1.0...
CVE-2025-25114 WordPress User Role plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ehabstar User Role user-roles allows Reflected XSS.This issue affects User Role: from n/a through = 1.0...
CVE-2024-10801
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on...
CVE-2025-22736
CVE-2025-22736 concerns the WordPress plugin User Management by WPExperts. The issue is described as an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation . Affected software: User Management (through version 1.2, per description). Documented impact indicates an authen...
CVE-2024-56037
CVE-2024-56037 is a published WordPress plugin vulnerability: a Reflected Cross-Site Scripting (XSS) in the “User Referral” plugin. The issue is caused by improper neutralization of input during web page generation, allowing injected scripts to execute in victims’ browsers when they load a crafte...
CVE-2023-29429 WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1...