4430 matches found
CVE-2026-2512
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...
Meta’s AI Glasses and Privacy
Surprising no one, Meta's new AI glasses are a privacy disaster. I'm not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby...
CVE-2026-32455 WordPress MDTF plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through = 1.3.5...
CVE-2026-32455
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through = 1.3.5...
Malicious code in meta-internal-logger-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1483f98fd78866cc6a27d31d99659bbb2912ec70d8771a004837f6fa46661a78 The package meta-internal-logger-drzak was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview meta-internal-logger-drzak is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Meta Ramps Up Efforts to Disrupt Industrialized Scamming
Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday...
EUVD-2026-11111
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...
CVE-2026-3534
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...
CVE-2026-3534
CVE-2026-3534 affects the Astra WordPress theme (versions
CVE-2026-3534 Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...
CVE-2026-3534 Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...
CVE-2026-3534
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...
PT-2026-24590
🚨 CVE-2026-3534 The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missin...
WordPress Astra theme <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta vulnerability discovered by at1as - Self-Employed in WordPress Theme Astra WordPress Theme versions = 4.12.3...
EUVD-2026-10484
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxsfbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
EUVD-2026-10485
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxsfbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
BIT-GOLANG-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
PT-2026-24608
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
PixelConfig: Longitudinal Measurement and Reverse-Engineering of Meta Pixel Configurations
Tracking pixels are used to optimize online ad campaigns through personalization, re-targeting, and conversion tracking. Past research has primarily focused on detecting the prevalence of tracking pixels on the web, with limited attention to how they are configured across websites. A tracking pix...