WordPress Autoptimize plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability discovered by stealthcopter in WordPress Plugin Autoptimize versions = 3.1.14...

EUVD-2026-13838

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aopostpreload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the aometaboxsave function and missing output escaping when the value is rendered in...

CVE-2026-2430

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the addlazyload function that replaces all occurrences of \ssr...

CVE-2026-2430

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the addlazyload function that replaces all occurrences of \ssr...

WordPress plugin Autoptimize 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-32439

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through = 3.1.14...

CVE-2026-32439

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through = 3.1.14...

CVE-2026-32439

The CVE-2026-32439 entry concerns the WordPress BigHearts theme (versions up to 3.1.14). The description identifies a Missing Authorization vulnerability caused by Incorrectly Configured Access Control Security Levels, affecting BigHearts from n/a through 3.1.14. The Connected records do not prov...

WordPress plugin BigHearts 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

EUVD-2023-1510

Malicious code in bioql PyPI...

EUVD-2023-1508

Malicious code in bioql PyPI...

EUVD-2025-11741

Malicious code in bioql PyPI...

CVE-2023-41689

Missing Authorization vulnerability in Koen Reus Post to Google My Business Google Business Profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business Google Business Profile: from n/a through 3.1.14...

CVE-2023-2999

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14...

CVE-2025-39533

Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through = 3.1.19...

CVE-2025-46250

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikas Ratudi VPSUForm v-form allows Stored XSS.This issue affects VPSUForm: from n/a through = 3.1.14...

CVE-2025-39533

Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through = 3.1.19...

CVE-2025-39533 WordPress Starfish Review Generation & Marketing plugin <= 3.1.19 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through = 3.1.19...

WordPress ImageRecycle pdf & image compression plugin <= 3.1.14 - Cross-Site Request Forgery in Several AJAX Actions vulnerability

Cross-Site Request Forgery in Several AJAX Actions vulnerability discovered by Lucio Sá in WordPress Plugin ImageRecycle pdf & image compression versions = 3.1.14...

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.14 Fixed in 3.1.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6631 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 297d76ad6b7c Credits Lucio Sá...