20 matches found

ATTACKERKB • added 2026/05/12 9:29 a.m. • 4 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4 CVSS • 6 AI score • 0.0003 EPSS
Exploits 0 • References 6

Cvelist • added 2026/05/02 5:29 a.m. • 30 views

CVE-2026-6447 Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4 CVSS • 0.00011 EPSS
Exploits 0 • References 6

Vulnrichment • added 2026/03/21 3:27 a.m. • 1 view

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4 CVSS • 5.9 AI score • 0.00034 EPSS
Exploits 0 • References 5

RedhatCVE • added 2026/01/07 9:54 a.m. • 15 views

CVE-2025-1762

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3 CVSS • 7 AI score • 0.0015 EPSS
Exploits 1 • References 1

Cvelist • added 2025/11/01 4:27 a.m. • 5 views

CVE-2025-11927 Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting

The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4 CVSS • 0.00028 EPSS
Exploits 0 • References 5

EUVD • added 2025/10/07 12:30 a.m. • 1 view

EUVD-2018-8439

Malware in sbrugna...

8.8 CVSS • 8.8 AI score • 0.00141 EPSS
Exploits 1 • References 2

EUVD • added 2025/10/03 8:7 p.m. • 1 view

EUVD-2023-54285

Malicious code in bioql PyPI...

4.8 CVSS • 5.8 AI score • 0.00316 EPSS
Exploits 1 • References 4

EUVD • added 2025/10/03 8:7 p.m. • 1 view

EUVD-2024-47358

Malicious code in bioql PyPI...

4.8 CVSS • 6.6 AI score • 0.00311 EPSS
Exploits 0 • References 2

EUVD • added 2025/10/03 8:7 p.m. • 3 views

EUVD-2024-16445

Malicious code in bioql PyPI...

4.8 CVSS • 6.5 AI score • 0.00286 EPSS
Exploits 0 • References 2

NVD • added 2025/10/03 12:15 p.m. • 1 view

CVE-2025-9332

The Interactive Human Anatomy with Clickable Body Parts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.5 CVSS • 0.00028 EPSS
Exploits 0 • References 2

Positive Technologies • added 2025/08/27 12:0 a.m. • 2 views

PT-2025-34879 · Unknown · Diskover-Web

Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0
Description: The application does not properly sanitize user-supplied input in several configuration fields within the administrative settings interface, leading to stored cross-site scripting (XSS). Specifically, the...

5.6 CVSS • 5.6 AI score • 0.00082 EPSS
Exploits 1 • References 3

OpenVAS • added 2025/08/21 12:0 a.m. • 2 views

WordPress Quiz And Survey Master Plugin < 10.2.3 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:expresstech:quizandsurveymaster"; if description...

4.3 CVSS • 7.2 AI score • 0.00028 EPSS
Exploits 0 • References 1

RedhatCVE • added 2025/05/23 12:6 a.m. • 3 views

CVE-2022-2555

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.5 CVSS • 6.8 AI score • 0.00194 EPSS
Exploits 1 • References 1

RedhatCVE • added 2025/05/22 10:15 p.m. • 2 views

CVE-2022-1828

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5 CVSS • 6.7 AI score • 0.0014 EPSS
Exploits 2 • References 1

RedhatCVE • added 2025/05/22 4:14 p.m. • 4 views

CVE-2020-23522

Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data Password parameter...

6.8 CVSS • 6.9 AI score • 0.00191 EPSS
Exploits 2

Packet Storm • added 2025/04/10 12:0 a.m. • 205 views

📄 WordPress Buddypress Humanity 1.2 Cross Site Request Forgery

WordPress Buddypress Humanity plugin versions 1.2 and below suffer from a cross site request forgery vulnerability. ⚠️ CVE-2025-31033 - CSRF in WordPress Buddypress Humanity Plugin...

9.8 CVSS • 8.7 AI score • 0.00349 EPSS
Exploits 2

Vulnrichment • added 2025/04/04 5:22 a.m. • 8 views

CVE-2024-13898 Simple Banner <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

4.4 CVSS • 6 AI score • 0.00235 EPSS
Exploits 0 • References 2

CNNVD • added 2024/06/24 12:0 a.m. • 1 view

Simple Online Bidding System Code Issue Vulnerability

Simple Online Bidding System is an online bidding system by oretnom23 individual developers. A code issue vulnerability exists in SourceCodester Simple Online Bidding System version 1.0, which stems from the parameter img in the file /admin/ajax.php?action=savesettings that can lead to unrestrict...

9.8 CVSS • 7.1 AI score • 0.00158 EPSS
Exploits 1 • References 6

ATTACKERKB • added 2022/06/27 9:15 a.m. • 4 views

CVE-2022-1913

The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

4.3 CVSS • 5.8 AI score • 0.00103 EPSS
Exploits 2 • References 2

Prion • added 2008/12/15 6:0 p.m. • 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the adminid, newpass1, and newpass2 parameters...

6.8 CVSS • 7.5 AI score • 0.00447 EPSS
Exploits 0 • References 3 • Affected Software 1