CVE-2026-8939

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

CVE-2026-8939 Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

RUSTSEC-2026-0062 `tokio-compat` is unmaintained

The tokio-compat crate is unmaintained. It was part of the transition from Tokio 0.1 to 0.2...

CVE-2025-12650

The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...

EUVD-2025-202961

The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...

WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery versions = 0.2...

CVE-2025-13857

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13857 Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13857 Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-11521 Astra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File Upload

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attacke...

CVE-2025-11521

CVE-2025-11521 : Astra Security Suite – Firewall & Malware Scan WordPress plugin (versions up to 0.2) is vulnerable to unauthenticated arbitrary file upload due to insufficient validation of remote URLs for zip downloads and a easily guessable key. The vulnerability can allow uploading arbitrary ...

PT-2025-46290

Name of the Vulnerable Software and Affected Versions GitHub Gist Shortcode Plugin for WordPress versions through 0.2 Description The GitHub Gist Shortcode Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the id parameter of the 'gist' shortcode. Insufficient input...

CVE-2025-12396 Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

EUVD-2008-4057

Malware in sbrugna...

EUVD-2006-5011

Malware in sbrugna...

EUVD-2025-24892

Malicious code in bioql PyPI...

EUVD-2025-24194

Malicious code in bioql PyPI...

EUVD-2024-52558

Malicious code in bioql PyPI...

WordPress Append Link on Copy Plugin <= 0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Append Link on Copy versions = 0.2...

CVE-2025-57941 WordPress Append Link on Copy Plugin <= 0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JonathanMH Append Link on Copy allows Stored XSS. This issue affects Append Link on Copy: from n/a through 0.2...