384 matches found
EUVD-2015-9241
Malware in sbrugna...
EUVD-2016-1980
Malware in sbrugna...
EUVD-2006-0989
Malware in sbrugna...
EUVD-2009-2844
Malware in sbrugna...
EUVD-2025-4012
Malicious code in bioql PyPI...
EUVD-2024-50522
Malicious code in bioql PyPI...
EUVD-2022-51936
Malicious code in bioql PyPI...
CVE-2024-53278
Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen...
CVE-2022-4604
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function registerendpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...
CVE-2022-1589
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector...
CVE-2021-24906
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin and therefore the protection offered via a crafted request...
CVE-2021-24522
The User Registration, User Profile, Login & Membership – ProfilePress Formerly WP User Avatar WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could be used in an XSS attack which could lead to wp-admin access. Further, the plugin in several places...
CVE-2015-9401
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php editstyle id XSS...
CVE-2019-9909
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS...
CVE-2015-9398
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection...
CVE-2015-9397
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS...
CVE-2025-25072
Cross-Site Request Forgery CSRF vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS.This issue affects WP Admin Custom Page: from n/a through = 1.5.0...
CVE-2025-25072
Cross-Site Request Forgery CSRF vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS.This issue affects WP Admin Custom Page: from n/a through = 1.5.0...
CVE-2025-25072
CVE-2025-25072 concerns the WP Admin Custom Page plugin (WordPress) with a CSRF to Stored XSS vulnerability affecting versions up to 1.5.0. The connected documents confirm the affected software and root cause (CSRF enabling stored XSS) but do not provide a confirmed fixed version in the supplied ...
CVE-2025-25072 WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS.This issue affects WP Admin Custom Page: from n/a through = 1.5.0...