12 matches found
EUVD-2023-59179
Malicious code in bioql PyPI...
EUVD-2025-11682
Malicious code in bioql PyPI...
CVE-2025-32561
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in plugins.club WPDEBUG Toggle enable-wp-debug-toggle allows Reflected XSS.This issue affects WPDEBUG Toggle: from n/a through = 1.1...
CVE-2025-32561
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in plugins.club WPDEBUG Toggle enable-wp-debug-toggle allows Reflected XSS.This issue affects WPDEBUG Toggle: from n/a through = 1.1...
CVE-2024-10588
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...
CVE-2024-10588 Debug Tool <= 2.2 - Missing Authorization to Information Exposure
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...
CVE-2024-10588
CVE-2024-10588 affects the Debug Tool WordPress plugin (all versions
CVE-2023-6987
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-6987
CVE-2023-6987 affects the WordPress plugin String locator. It is a reflected XSS vulnerability triggered by the sql-column parameter in all versions up to and including 2.6.5, due to insufficient input sanitization and output escaping. Exploitation requires WP_DEBUG to be enabled and allows an un...
CVE-2023-6987 String Locator <= 2.6.5 - Reflected Cross-Site Scripting
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-6987 String Locator <= 2.6.5 - Reflected Cross-Site Scripting
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CF7 Google Sheets Connector < 5.0.10 - Missing Authorization to Limited Site Configuration Update
Description The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggl...