EUVD-2026-9274

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...

CVE-2025-62154

Technical details for CVE-2025-62154 are not provided in the connected documents. Public exploit status, affected versions, impact, and fixes are not disclosed here; monitor for official disclosures.

CVE-2024-47384

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Compress WP Compress – Image Optimizer All-In-One allows Reflected XSS.This issue affects WP Compress – Image Optimizer All-In-One: from n/a through 6.20.13...

CVE-2024-32106

Cross-Site Request Forgery CSRF vulnerability in WP Compress WP Compress – Image Optimizer All-In-One.This issue affects WP Compress – Image Optimizer All-In-One: from n/a through 6.10.35...

CVE-2023-29435

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Zwaply Cryptocurrency All-in-One plugin = 3.0.19 versions...

CVE-2016-10867

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages...