CVE-2026-42646

CVE-2026-42646 concerns the WordPress TaxoPress plugin, specifically the simple-tags component. The vulnerability is an SQL Injection caused by improper neutralization of special elements, described as a Blind SQL Injection. Affected versions are TaxoPress up to and including 3.44.0 (plugin names...

WordPress TaxoPress plugin <= 3.41.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Post Tag Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin TaxoPress versions = 3.41.0...

WordPress TaxoPress plugin <= 3.40.0 - Authenticated (Editor+) SQL Injection vulnerability

Authenticated Editor+ SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin TaxoPress versions = 3.40.0...

EUVD-2021-11356

Malware in sbrugna...

EUVD-2023-33685

Malicious code in bioql PyPI...

EUVD-2025-2953

Malicious code in bioql PyPI...

EUVD-2024-40130

Malicious code in bioql PyPI...

WordPress TaxoPress Plugin <= 3.37.2 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin TaxoPress versions = 3.37.2...

CVE-2023-2170

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVE-2023-2168

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inje...

CVE-2021-24444

The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfilteredhtml capability is disallowed, leading to an authenticated Store...

WordPress AI Autotagger plugin < 3.30.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin TaxoPress versions 3.30.0...

CVE-2025-22735

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.4...

WordPress TaxoPress plugin <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by stealthcopter in WordPress Plugin TaxoPress versions = 3.12.0...

WordPress TaxoPress Plugin <= 3.12.0 is vulnerable to Cross Site Scripting (XSS)

Software TaxoPress Type Plugin Vulnerable versions = 3.12.0 Fixed in 3.20.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2830 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 812b03b02ecc Credits stealthcopter Required...

CVE-2023-2168

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inje...

CVE-2023-2170

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVE-2023-2169

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVE-2023-2168

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inje...

Cross site scripting

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...