12 matches found
EUVD-2025-11682
Malicious code in bioql PyPI...
EUVD-2023-59179
Malicious code in bioql PyPI...
CVE-2025-32561
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in plugins.club WPDEBUG Toggle enable-wp-debug-toggle allows Reflected XSS.This issue affects WPDEBUG Toggle: from n/a through = 1.1...
CVE-2025-32561
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in plugins.club WPDEBUG Toggle enable-wp-debug-toggle allows Reflected XSS.This issue affects WPDEBUG Toggle: from n/a through = 1.1...
CVE-2024-10588
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...
CVE-2024-10588 Debug Tool <= 2.2 - Missing Authorization to Information Exposure
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...
CVE-2024-10588
CVE-2024-10588 affects the Debug Tool WordPress plugin (all versions
CVE-2023-6987
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-6987 String Locator <= 2.6.5 - Reflected Cross-Site Scripting
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-6987 String Locator <= 2.6.5 - Reflected Cross-Site Scripting
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-6987
CVE-2023-6987 affects the WordPress plugin String locator. It is a reflected XSS vulnerability triggered by the sql-column parameter in all versions up to and including 2.6.5, due to insufficient input sanitization and output escaping. Exploitation requires WP_DEBUG to be enabled and allows an un...
CF7 Google Sheets Connector < 5.0.10 - Missing Authorization to Limited Site Configuration Update
Description The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggl...