CVE-2026-0608

The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-3576

Name of the Vulnerable Software and Affected Versions Head Meta Data plugin for WordPress versions prior to 20251119 Description The Head Meta Data plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head-meta-data post meta field. Insufficient input sanitization and...

WordPress plugin Head Meta Data: Cross-site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-23187

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

CVE-2024-34434

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVE-2025-1657

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.2.0. This makes it possible for...

WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Head Meta Data versions = 20250327...

EUVD-2025-203187

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

CVE-2025-12512 GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

CVE-2025-12512 GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

PT-2025-51042

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with current user...

CVE-2025-66081

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...

CVE-2025-66081 WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...

CVE-2025-66081 WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...

CVE-2025-66081

CVE-2025-66081 affects the WordPress Head Meta Data plugin. The vulnerability is a stored XSS caused by improper input neutralization during web page generation, affecting versions up to and including 20250327. The CVSSv3.1 base score is 5.4 (Medium). Connected sources corroborate the stored XSS ...

EUVD-2025-198466

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...

WordPress plugin Head Meta Data 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-47750

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...

Malicious code in nurul-sambel40-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1782c5b256bcd0bd35dfcfd9d2666a33791fa5a5612bea58414c7a25e55a89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-35981

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.4...