17 matches found
EUVD-2026-29395
The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the wpsbdpostcarousel shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-4859
The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the wpsbdpostcarousel shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-4859
The CVE-2026-4859 entry pertains to the WordPress SP Blog Designer plugin, affected versions are all releases up to and including 1.0.0. The vulnerability is a Stored Cross-Site Scripting (XSS) via the design attribute of the wpsbd_post_carousel shortcode, caused by insufficient input sanitizatio...
WordPress plugin SP Blog Designer cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-39950
The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the wpsbd post carousel shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress SP Blog Designer plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin SP Blog Designer versions <= 1.0.0...
EUVD-2025-8785
Malicious code in bioql PyPI...
EUVD-2024-46089
Malicious code in bioql PyPI...
CVE-2025-31606
Missing Authorization vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Blog Designer: from n/a through = 1.0.0...
CVE-2025-31606
Missing Authorization vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Blog Designer: from n/a through = 1.0.0...
CVE-2025-31606
CVE-2025-31606 affects the WordPress plugin SP Blog Designer. The vulnerability is a Missing Authorization issue allowing unauthenticated users to perform arbitrary shortcode execution, with affected versions from unknown through 1.0.0. CVSSv3.1 base score is 4.8 (LOW–MEDIUM) and the attack is ne...
CVE-2024-52498
Path Traversal: '.../...//' vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows PHP Local File Inclusion. This issue affects SP Blog Designer: from n/a through = 1.0.0...
CVE-2024-52498
CVE-2024-52498 affects WordPress SP Blog Designer plugin
WordPress plugin SP Blog Designer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-35339 · Softpulse Infotech · Sp Blog Designer
Name of the Vulnerable Software and Affected Versions: Softpulse Infotech SP Blog Designer versions 1.0.0 and earlier Description: The issue is related to a Path Traversal vulnerability, specifically '.../...//' in Softpulse Infotech SP Blog Designer, allowing PHP Local File Inclusion...
WordPress SP Blog Designer plugin <= 1.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SP Blog Designer versions <= 1.0.0...
WordPress SP Blog Designer Plugin <= 1.0.0 is vulnerable to Local File Inclusion
Software: SP Blog Designer; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-52498; Patch priority: Low; CVSS severity: Low 7.5; PSID: 33032dc1d973; Credits: João Pedro S Alcântara Kinorth...