21 matches found
CVE-2026-3513 TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableonbutton' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes...
WordPress plugin TableOn – WordPress Posts Table Filterable Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-3336
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby check wp submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it...
Tucows (VDP): Unauthenticated Access Control Bypass — Private WordPress Post Disclosure (Outdated WordPress 4.9.40)
Vulnerability description not provided...
EUVD-2025-9812
Malicious code in bioql PyPI...
EUVD-2025-28471
Malicious code in bioql PyPI...
EUVD-2023-50433
Malicious code in bioql PyPI...
EUVD-2025-11694
Malicious code in bioql PyPI...
EUVD-2025-24786
Malicious code in bioql PyPI...
WordPress plugin Import YouTube videos as WP Posts Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
WordPress plugin WP Posts Carousel Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-13623
The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads...
WordPress Network Posts Extended plugin <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Posts Extended versions <= 7.7.1...
CVE-2025-32592
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Stored XSS. This issue affects TableOn: from n/a through = 1.0.3...
CVE-2025-32569
Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection. This issue affects TableOn: from n/a through = 1.0.4.3...
CVE-2025-32218
Technical details for CVE-2025-32218 are not provided in the supplied documents. No affected product/version, impact, or fix details are available here. Monitor for updates from vendors and CVE databases.
WordPress Posts Date Ranges plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Posts Date Ranges versions <= 2.2...
WordPress Posts Search plugin <= 1.2.2 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Posts Search versions <= 1.2.2...
CVE-2024-22159
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8...
WordPress Posts to Page Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Posts to Page; Type: Plugin; Vulnerable versions: <= 1.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-52195; Patch priority: Low; CVSS severity: Low 6.5; PSID: a1a6b4b34260; Credits: Ngô Thiên An ancorn from VNPT-VCI; Required...