CVE-2024-43228

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

CVE-2024-43228

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

CVE-2024-43228 WordPress SecuPress Free plugin <= 2.2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

CVE-2024-43228 WordPress SecuPress Free plugin <= 2.2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

CVE-2024-43228

CVE-2024-43228 is a Missing Authorization (Broken Access Control) vulnerability in WordPress SecuPress Free, affecting SecuPress Free versions through 2.2.5.3. The issue is confirmed by NVD/Red Hat entries with the same description and a CVSS v3.1 base score of 5.3 (Medium). No exploit details ar...

PT-2026-21026

Name of the Vulnerable Software and Affected Versions SecuPress Free versions through 2.2.5.3 Description A missing authorization issue exists in SecuPress Free. The issue allows unauthorized access. Recommendations Update SecuPress Free to a version later than 2.2.5.3...

EUVD-2025-8303

Malicious code in bioql PyPI...

EUVD-2025-15050

Malicious code in bioql PyPI...

CVE-2024-1504

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...

CVE-2025-3452 SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupressreinstallpluginsadminajaxcb' function in all versions up to, and including, 2.3.9. This makes it possible for authenticated attackers,...

CVE-2025-3452

CVE-2025-3452 concerns the WordPress plugin SecuPress Free (versions up to and including 2.3.9). A missing capability check in the secupress_reinstall_plugins_admin_ajax_cb function allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins, enabling unauth...

CVE-2025-3452 SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupressreinstallpluginsadminajaxcb' function in all versions up to, and including, 2.3.9. This makes it possible for authenticated attackers,...

WordPress plugin SecuPress Free 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-18139 · WordPress · Secupress Free

Name of the Vulnerable Software and Affected Versions: SecuPress Free — WordPress Security plugin versions up to, and including, 2.3.9 Description: The issue allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins due to a missing capability check on the...

WordPress SecuPress Free plugin <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Installation vulnerability discovered by mikemyers in WordPress Plugin SecuPress Free versions = 2.3.9...

WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin SecuPress Free versions = 2.2.5.3...

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3...

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

CVE-2025-30907 WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...