17 matches found
EUVD-2026-16104
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2ssecuritynonce, both o...
WordPress plugin Blog2Social: Social Media Auto Post & Scheduler 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-2498 WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2026-2498
CVE-2026-2498 concerns the WordPress plugin WP Social Meta. Wordfence and CVE records indicate a Stored Cross-Site Scripting (Stored XSS) vulnerability in admin settings for WP Social Meta versions up to 1.0.1. The issue arises from insufficient input sanitization and output escaping, affecting m...
CVE-2026-2498 WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
WordPress plugin WP Social Meta 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-22094
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2024-2093
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
EUVD-2024-27057
Malicious code in bioql PyPI...
CVE-2024-3679
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...
CVE-2024-3679
CVE-2024-3679 : The Premium SEO Pack – WP SEO Plugin for WordPress is vulnerable to unauthenticated Sensitive Information Exposure in all versions up to and including 1.6.001. Attackers can view limited information from password-protected posts via social meta data. According to the provided docu...
CVE-2024-3679 Premium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...
CVE-2024-2093
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
CVE-2024-2093
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
CVE-2024-2093 VK All in One Expansion Unit <= 9.95.0.1 - Information Exposure
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
PT-2024-18818 · WordPress · Vk All In One Expansion Unit
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit plugin for WordPress versions up to, and including, 9.95.0.1 Description: The issue allows unauthenticated attackers to view limited password-protected content due to Sensitive Information Exposure via social meta...
WordPress Plugin VK All in One Expansion Unit 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin VK All in One...