368 matches found

NVD
added 2026/05/27 7:16 a.m. | 8 views

CVE-2026-8939

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

CVSS 4.3 | EPSS 0.00013
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/27 5:31 a.m. | 3 views

CVE-2026-8939 Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

CVSS 4.3 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 3
CNNVD
added 2026/05/17 12:0 a.m. | 5 views

WordPress plugin Simple Fields security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

CVSS 6.9 | AI score 5.9 | EPSS 0.00009
Exploits: 0 | References: 1
OSV
added 2026/04/07 12:0 p.m. | 0 views

RUSTSEC-2026-0083 zantetsu-trainer is unmaintained

The zantetsu-trainer crate is no longer maintained. The ML training infrastructure it contained was removed as part of the zantetsu 0.2 release, which replaced the neural parser with a pure heuristic engine. A tombstone version 0.2.0 has been published and 0.1.4 has been yanked. There is no...

AI score 5.7
Exploits: 0 | References: 3
OSV
added 2026/03/20 12:0 p.m. | 2 views

RUSTSEC-2026-0062 `tokio-compat` is unmaintained

The tokio-compat crate is unmaintained. It was part of the transition from Tokio 0.1 to 0.2...

AI score 5.8
Exploits: 0 | References: 3
vulnersOsv
added 2026/02/25 10:37 p.m. | 2 views

0.2-ui (=0.0.1), 0xgank-tea-advice-pull (=1.0.0) +15830 more potentially affected by CVE-2026-27606 via rollup (>=0.10.0 <=2.7.6)

rollup NPM version >=0.10.0, <=2.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on rollup and may be impacted: - 0.2-ui =0.0.1 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory...

CVSS 9.8 | AI score 7.2 | EPSS 0.00398
Exploits: 1
Positive Technologies
added 2026/01/22 12:0 a.m. | 3 views

PT-2026-3994

Name of the Vulnerable Software and Affected Versions: SEOSEON EUROPE S.L Affiliate Link Tracker versions through 0.2. Description: The Affiliate Link Tracker software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). Thi...

AI score 5.2 | EPSS 0.00017
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/13 3:59 a.m. | 1 views

CVE-2025-12650

The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...

CVSS 6.4 | AI score 5 | EPSS 0.00032
Exploits: 0 | References: 1
EUVD
added 2025/12/12 6:31 a.m. | 1 views

EUVD-2025-202961

The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...

CVSS 6.4 | AI score 4.7 | EPSS 0.00032
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/12 3:20 a.m. | 1 views

CVE-2025-14143 Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' parameter of the ayoaction shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 4.8 | EPSS 0.00041
Exploits: 0 | References: 5
Patchstack
added 2025/12/11 10:38 p.m. | 2 views

WordPress Ayo Shortcodes plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Ayo Shortcodes (versions <= 0.2)...

CVSS 6.4 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/11 8:54 p.m. | 4 views

WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery (versions <= 0.2)...

CVSS 5.3 | AI score 6.7 | EPSS 0.00034
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/12/06 6:15 a.m. | 2 views

CVE-2025-13857

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | EPSS 0.00031
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/06 5:49 a.m. | 2 views

CVE-2025-13857 Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 4.7 | EPSS 0.00031
Exploits: 0 | References: 3
Cvelist
added 2025/12/06 5:49 a.m. | 15 views

CVE-2025-13857 Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | EPSS 0.00031
Exploits: 0 | References: 3
Vulnrichment
added 2025/11/11 3:30 a.m. | 2 views

CVE-2025-11521 Astra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File Upload

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attacke...

CVSS 8.1 | AI score 7.2 | EPSS 0.0029
Exploits: 0 | References: 2
Cvelist
added 2025/11/11 3:30 a.m. | 11 views

CVE-2025-11521 Astra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File Upload

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attacke...

CVSS 8.1 | EPSS 0.0029
Exploits: 0 | References: 2
CVE
added 2025/11/11 3:30 a.m. | 16 views

CVE-2025-11521

CVE-2025-11521: Astra Security Suite – Firewall & Malware Scan WordPress plugin (versions up to 0.2) is vulnerable to unauthenticated arbitrary file upload due to insufficient validation of remote URLs for zip downloads and an easily guessable key. The vulnerability can allow uploading arbitrary ...

CVSS 8.1 | AI score 7.2 | EPSS 0.0029
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/11 12:0 a.m. | 4 views

PT-2025-46248

Name of the Vulnerable Software and Affected Versions: Astra Security Suite – Firewall & Malware Scan plugin for WordPress versions up to 0.2. Description: The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is susceptible to arbitrary file uploads. This is due to inadequate...

CVSS 8.1 | AI score 7.6 | EPSS 0.0029
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/11 12:0 a.m. | 7 views

PT-2025-46290

Name of the Vulnerable Software and Affected Versions: GitHub Gist Shortcode Plugin for WordPress versions through 0.2. Description: The GitHub Gist Shortcode Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the id parameter of the 'gist' shortcode. Insufficient input...

CVSS 6.4 | AI score 5.3 | EPSS 0.00031
Exploits: 0 | References: 5