Login as User or Customer < 3.3 - Privilege Escalation

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. id: CVE-2022-4305 info: name: Login as User or Customer 3.3 - Privilege Escalation author: r3Y3r53 severity: critical...

EUVD-2025-8813

Malicious code in bioql PyPI...

EUVD-2023-56197

Malicious code in bioql PyPI...

EUVD-2025-9783

Malicious code in bioql PyPI...

CVE-2023-36678

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin = 3.5.5 versions...

CVE-2023-51484

Improper Authentication vulnerability in wp-buy Login as User or Customer User Switching allows Privilege Escalation.This issue affects Login as User or Customer User Switching: from n/a through 3.8...

CVE-2023-47557

Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics visitors-traffic-real-time-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through = 7.2...

CVE-2025-32266

Cross-Site Request Forgery CSRF vulnerability in wp-buy 404 Image Redirection Replace Broken Images broken-images-redirection allows Cross Site Request Forgery.This issue affects 404 Image Redirection Replace Broken Images: from n/a through = 1.4...

CVE-2025-32266

Cross-Site Request Forgery CSRF vulnerability in wp-buy 404 Image Redirection Replace Broken Images broken-images-redirection allows Cross Site Request Forgery.This issue affects 404 Image Redirection Replace Broken Images: from n/a through = 1.4...

CVE-2025-31570

Cross-Site Request Forgery CSRF vulnerability in wp-buy Related Posts Widget with Thumbnails advanced-css3-related-posts-widget allows Stored XSS.This issue affects Related Posts Widget with Thumbnails: from n/a through = 1.2...

CVE-2025-31569

Cross-Site Request Forgery CSRF vulnerability in wp-buy wordpress related Posts with thumbnails related-posts-list-grid-and-slider-all-in-one allows Stored XSS.This issue affects wordpress related Posts with thumbnails: from n/a through = 3.0.0.1...

CVE-2025-31569

Cross-Site Request Forgery CSRF vulnerability in wp-buy wordpress related Posts with thumbnails related-posts-list-grid-and-slider-all-in-one allows Stored XSS.This issue affects wordpress related Posts with thumbnails: from n/a through = 3.0.0.1...

CVE-2025-31569

Technical details for CVE-2025-31569 are not provided in the supplied documents. Monitor for updates.

CVE-2023-47557

Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics visitors-traffic-real-time-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through = 7.2...

CVE-2024-49306

Cross-Site Request Forgery CSRF vulnerability in wp-buy WP Content Copy Protection & No Right Click wp-content-copy-protector allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through = 3.5.9...

CVE-2024-49306

WP Content Copy Protection & No Right Click (WordPress plugin)

CVE-2023-51484

Improper Authentication vulnerability in wp-buy Login as User or Customer User Switching allows Privilege Escalation.This issue affects Login as User or Customer User Switching: from n/a through 3.8...

PT-2024-14143 · WordPress · Wp-Buy Login As User/Customer

Name of the Vulnerable Software and Affected Versions: wp-buy Login as User or Customer User Switching versions n/a through 3.8 Description: The issue is related to an Improper Authentication vulnerability that allows Privilege Escalation. This vulnerability can be exploited to escalate privilege...

CVE-2023-36678

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin = 3.5.5 versions...

CVE-2023-36678

CVE-2023-36678 affects the WordPress plugin WP Content Copy Protection & No Right Click up to version 3.5.5. It is an authenticated Stored XSS vulnerability (admin+ required) through the plugin, with low impact to confidentiality/integrity and no impact to availability per the cited sources. A fi...