CVE-2025-49376 WordPress DELUCKS SEO plugin <= 2.5.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through = 2.5.9...

CVE-2025-53570

CVE-2025-53570 affects DELUCKS SEO, a WordPress plugin, with a Stored Cross‑Site Scripting flaw described as improper input neutralization during web page generation. Affected version range is DELUCKS SEO

CVE-2025-48165 WordPress DELUCKS SEO Plugin <= 2.6.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through = 2.6.0...

CVE-2024-54259 WordPress DELUCKS SEO plugin <= 2.7.0 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Path Traversal.This issue affects DELUCKS SEO: from n/a through = 2.7.0...

WordPress DELUCKS SEO plugin <= 2.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin DELUCKS SEO versions = 2.5.4...

CVE-2019-25146

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

Cross site scripting

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2019-25146 DELUCKS SEO < 2.1.8 - Stored Cross Site Scripting

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

WordPress Plugin DELUCKS SEO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...