100 matches found

ATTACKERKB
added 2026/05/01 11:18 a.m. | 0 views

CVE-2026-3772

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

CVSS 8.8 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 5

Patchstack
added 2026/04/30 12:0 a.m. | 3 views

WordPress WP Editor plugin <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution vulnerability

Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin WP Editor versions <= 1.2.9.2...

CVSS 8.8 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/08 8:30 a.m. | 1 views

CVE-2026-39640 WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2...

AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/23 8:2 p.m. | 1 views

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

CVSS 7.5 | AI score 5.2 | EPSS 0.00074
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2026/02/11 9:15 a.m. | 6 views

CVE-2026-1827

The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00014
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/11 8:26 a.m. | 3 views

CVE-2026-1827 IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute

The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 3

Patchstack
added 2026/01/06 10:49 p.m. | 6 views

WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability

WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin WP Front User Submit / Front Editor versio...

CVSS 5.3 | AI score 7 | EPSS 0.00108
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/18 9:30 a.m. | 2 views

EUVD-2025-34985

The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'themeeditortheme' page. This makes it possible for unauthenticated attackers to achieve remote code execution v...

CVSS 8.8 | AI score 6.2 | EPSS 0.00092
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-12898

Malware in sbrugna...

CVSS 4.3 | AI score 4.5 | EPSS 0.00214
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-25547

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-34701

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.5 | EPSS 0.00641
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-4834

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9.2 | EPSS 0.0005
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-49582

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00051
Exploits: 0 | References: 1

CNNVD
added 2025/09/26 12:0 a.m. | 1 views

WordPress plugin WPFront User Role Editor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...

CVSS 6.5 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 2

Cvelist
added 2025/09/05 1:45 p.m. | 7 views

CVE-2025-58799 WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor add-fields-to-checkout-page-woocommerce allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through <= 1.3.4...

CVSS 4.3 | EPSS 0.00026
Exploits: 0 | References: 1

CVE
added 2025/06/27 1:21 p.m. | 10 views

CVE-2025-53282

CVE-2025-53282 describes a Stored XSS in the WordPress Thumbnail Editor plugin up to version 2.3.3, caused by improper input neutralization during web page generation. Affected software: Thumbnail Editor (WordPress plugin). Root cause: improper neutralization of input leading to Stored XSS. Impac...

CVSS 6.5 | AI score 5.9 | EPSS 0.00143
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:51 a.m. | 3 views

CVE-2024-11008

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts tha...

CVSS 5.3 | AI score 6.8 | EPSS 0.00613
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:2 a.m. | 3 views

CVE-2023-45276

Cross-Site Request Forgery CSRF vulnerability in automatededitor.Com Automated Editor plugin = 1.3 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00051
Exploits: 0

RedhatCVE
added 2025/05/23 3:3 a.m. | 1 views

CVE-2023-1982

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.3 | EPSS 0.00117
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 9:7 a.m. | 3 views

CVE-2016-10976

The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS...

CVSS 6.1 | AI score 7 | EPSS 0.00158
Exploits: 2 | References: 1