41 matches found
CVE-2026-2389
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...
CVE-2026-2389 Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...
CVE-2026-2389
CVE-2026-2389 : The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) in all versions up to and including 7.4.4.2. The root cause is the function revert_divs_to_summary replacing the HTML entity ” with a literal quotes character ("") in...
CVE-2026-2389
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...
CVE-2026-2389 Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...
EUVD-2024-42348
Malicious code in bioql PyPI...
EUVD-2023-31210
Malicious code in bioql PyPI...
CVE-2023-27434
Cross-Site Request Forgery CSRF vulnerability in WPGrim Classic Editor and Classic Widgets plugin = 1.2.5 versions...
CVE-2025-4126
The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's series shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcodetitle function. This makes it possib...
CVE-2025-4126 EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's series shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcodetitle function. This makes it possib...
CVE-2025-3458
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oceangalleryid’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-3458
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oceangalleryid’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-3458
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oceangalleryid’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-3458
CVE-2025-3458 (Ocean Extra, WordPress) : The Ocean Extra plugin (WordPress) up to version 2.4.6 is vulnerable to Stored Cross-Site Scripting via the ocean_gallery_id parameter. Exploitation requires authenticated access (Contributor level or higher) and the Classic Editor plugin. The vulnerabilit...
CVE-2024-47312
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through = 1.4.1...
CVE-2024-47312
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through = 1.4.1...
CVE-2024-47312 WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through = 1.4.1...
CVE-2024-47312
CVE-2024-47312 : SQL Injection in WordPress plugins “Classic Editor” and “Classic Widgets” (WPGrim) up to version 1.4.1. Root cause: improper neutralization of input in SQL queries, enabling attacker-controlled SQL when authenticated as a Subscriber. Affected: Classic Editor and Classic Widgets (...
CVE-2024-47312 WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through = 1.4.1...
WordPress plugin Classic Editor and Classic Widgets SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...