4526 matches found
WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification vulnerability
Missing Authorization to Unauthenticated Form Action Meta Modification vulnerability discovered by Nguyen C in WordPress Plugin Royal Elementor Addons versions = 1.7.1056...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Meta Field Block versions = 1.3.3...
WordPress WP Meta and Date Remover plugin <= 2.3.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Meta and Date Remover versions = 2.3.4...
CVE-2026-6127
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...
EUVD-2026-26479
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...
Malicious code in @apiary-annex/meta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beaea0c4666896c82c0b26b3e24708dbf4e2f28425735b67b5e723802337d51e The package @apiary-annex/meta was found to contain malicious code. Source: ghsa-malware...
PT-2026-35423
Name of the Vulnerable Software and Affected Versions Meta Box – WordPress Custom Fields Framework versions prior to 5.11.2 Description A flaw allows users with contributor privileges to perform arbitrary file deletion. Recommendations Update to version 5.11.2 or later...
[SECURITY] Fedora 44 Update: qt6-6.10.3-1.fc44
Qt6 meta package...
CVE-2026-4088
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...
CVE-2026-3361
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3361 WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3361
CVE-2026-3361 affects the WordPress plugin WP Store Locator (versions up to 2.2.261). It describes a Stored Cross-Site Scripting vulnerability through the post meta field wpsl_address , caused by insufficient input sanitization and output escaping. The issue enables authenticated users with contr...
WordPress WP Store Locator plugin <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'wpsladdress' Post Meta vulnerability discovered by kai63001 in WordPress Plugin WP Store Locator versions = 2.2.261...
PT-2026-38565
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description URLs are not correctly escaped within the content attribute of a tag. If the URL content contains ASCII whitespaces around the = rune, the escaper fails to proce...
PT-2026-34631
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl address' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-24652
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...
CVE-2026-4088
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...
CVE-2026-4088 Switch CTA Box <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...
CVE-2026-4088
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...
Towards Certified Malware Detection: Provable Guarantees against Evasion Attacks
Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted...