CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

CVE-2026-49051

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

EUVD-2026-32541

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

CVE-2026-32455

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through = 1.3.5...

PT-2025-43836

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.4...

PT-2025-43175

Name of the Vulnerable Software and Affected Versions RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter versions through 1.3.3.9 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. This allows for unauthorized access...

EUVD-2023-51931

Malicious code in bioql PyPI...

EUVD-2023-23320

Malicious code in bioql PyPI...

EUVD-2023-59157

Malicious code in bioql PyPI...

EUVD-2023-23637

Malicious code in bioql PyPI...

EUVD-2023-23316

Malicious code in bioql PyPI...

EUVD-2024-41486

Malicious code in bioql PyPI...

EUVD-2022-52279

Malicious code in bioql PyPI...

EUVD-2024-41485

Malicious code in bioql PyPI...

CVE-2025-46454

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows PHP Local File Inclusion.This issue affects Meta Keywords & Description: from n/a through = 0.8...

CVE-2024-45455

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JoomUnited WP Meta SEO wp-meta-seo allows Stored XSS.This issue affects WP Meta SEO: from n/a through = 4.5.13...

CVE-2024-45456

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JoomUnited WP Meta SEO wp-meta-seo allows Stored XSS.This issue affects WP Meta SEO: from n/a through = 4.5.13...

CVE-2023-0876

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability...

CVE-2023-4823

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...

CVE-2023-6962

The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of...