11 matches found
EUVD-2025-28062
Malicious code in bioql PyPI...
EUVD-2025-28050
Malicious code in bioql PyPI...
CVE-2025-46468
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46539
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46539
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46468
CVE-2025-46468 is a Local File Inclusion vulnerability in WordPress plugin Fable Extra <= 1.0.6 (a WordPress plugin). The issue arises from improper control of filenames used in PHP include/require statements, enabling PHP local file inclusion. Public sources (NVD/Red Hat/ CVE records) list th...
CVE-2025-46539
CVE-2025-46539 is an SQL injection vulnerability in WordPress plugin Fable Extra, affecting versions up to 1.0.6. The issue arises from improper neutralization of input in SQL commands, enabling blind SQL injection. Product affected: Fable Extra for WordPress (versions ≤ 1.0.6). Impact as stated:...
PT-2025-22730 · Unknown +1 · Wpfable Fable Extra +1
Name of the Vulnerable Software and Affected Versions: WPFable Fable Extra versions 1.0.0 through 1.0.6 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...
CVE-2025-46447
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFable Fable Extra fable-extra allows DOM-Based XSS.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46447
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFable Fable Extra fable-extra allows DOM-Based XSS.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46447
CVE-2025-46447 describes a DOM-based XSS in the WordPress plugin Fable Extra (versions up to 1.0.6). The issue arises from improper input neutralization during web page generation, enabling cross-site scripting through the affected plugin’s rendering path. Public references identify Fable Extra