EUVD-2026-9353

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

EUVD-2019-10365

Malware in sbrugna...

EUVD-2024-48321

Malicious code in bioql PyPI...

EUVD-2024-49400

Malicious code in bioql PyPI...

EUVD-2024-27361

Malicious code in bioql PyPI...

EUVD-2023-57729

Malicious code in bioql PyPI...

EUVD-2024-0648

Malicious code in bioql PyPI...

CVE-2024-7618

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-6011

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-0703

The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2022-4619

The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2025-22341 · WordPress · The Glossary

Name of the Vulnerable Software and Affected Versions: The Glossary by WPPedia – Best Glossary plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the posttypes parameter. This allows...

CVE-2025-1267

The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the ‘label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to...

CVE-2024-13923

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validatefile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...

CVE-2025-1973

CVE-2025-1973 affects the WordPress plugin Export and Import Users and Customers for WP WooCommerce (versions

CVE-2025-2478

CVE-2025-2478 (Code Clone WordPress plugin) describes a time-based SQL Injection via the snippetId parameter in versions

CVE-2024-13846

The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘postid’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2024-13846

Public details on CVE-2024-13846 are limited in the provided documents. No connected sources with concrete technical specifics (affected versions, root cause, exploit details, or fixes) are present. Monitor for updates as new info becomes available.

CVE-2024-13849

The Cookie Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary...

CVE-2024-13849

The Cookie Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary...