16 matches found
EUVD-2024-50650
Malicious code in bioql PyPI...
CVE-2025-53582 WordPress WordLift Plugin <= 3.54.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordLift WordLift wordlift allows Stored XSS. This issue affects WordLift: from n/a through <= 3.54.5...
CVE-2025-53582 WordPress WordLift Plugin <= 3.54.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordLift WordLift wordlift allows Stored XSS. This issue affects WordLift: from n/a through <= 3.54.5...
WordPress WordLift Plugin <= 3.54.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin WordLift versions <= 3.54.5...
WordPress plugin WordLift security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-12176
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.2. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2022-3069
The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2024-12176
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.2. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2024-12176 WordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.2. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2024-12176
CVE-2024-12176 (WordLift – AI powered SEO – Schema) details: The WordLift WordPress plugin is vulnerable to unauthorized access via a missing capability check on the wl_config_plugin AJAX action, affecting all versions up to and including 3.54.0. This enables unauthenticated attackers to update ...
CVE-2024-12176 WordLift – AI powered SEO – Schema <= 3.54.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings...
WordPress plugin WordLift – AI powered SEO – Schema security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WordLift plugin <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WordLift versions <= 3.54.2...
CVE-2022-3069
The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
PT-2022-20233 · WordPress · Wordlift
Name of the Vulnerable Software and Affected Versions: WordLift WordPress plugin versions prior to 3.37.2. Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its...
Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC - Go to publisher and select Create a New Publisher - Add publisher name " - Click on Save Changes...