30 matches found
CVE-2025-13812 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...
EUVD-2024-45607
Malicious code in bioql PyPI...
EUVD-2024-34303
Malicious code in bioql PyPI...
EUVD-2025-31214
Malicious code in bioql PyPI...
EUVD-2025-4329
Malicious code in bioql PyPI...
CVE-2025-10037 Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Admin+) SQL Injection
The Featured Image from URL FIFU plugin for WordPress is vulnerable to SQL Injection via the getpostswithinternalfeaturedimage function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-51804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobmatnyc Moka Get Posts Shortcode moka-get-posts allows DOM-Based XSS. This issue affects Moka Get Posts Shortcode: from n/a through = 1.0...
CVE-2023-7072
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...
CVE-2025-27349
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nurelm Get Posts nurelm-get-posts allows Stored XSS. This issue affects Get Posts: from n/a through <= 0.6...
WordPress Get Posts plugin <= 0.6 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin Get Posts versions <= 0.6...
CVE-2025-27349 WordPress Get Posts plugin <= 0.6 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nurelm Get Posts nurelm-get-posts allows Stored XSS. This issue affects Get Posts: from n/a through <= 0.6...
CVE-2025-27349
CVE-2025-27349 refers to a cross-site scripting (XSS) vulnerability in the WordPress plugin Get Posts. The issue arises from improper input neutralization during web page generation, enabling a Stored XSS condition for affected versions. The vulnerability scope is described as Get Posts: from n/...
WordPress plugin Get Posts cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2025-7763 · Unknown · Nurelm Get Posts
Name of the Vulnerable Software and Affected Versions: nurelm Get Posts versions 0.6 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. Specifically, it is a Stored XSS vulnerabilit...
CVE-2024-11906
CVE-2024-11906 affects the WordPress plugin “TPG Get Posts.” It enables Stored Cross-Site Scripting via the plugin’s tpg_get_posts shortcode in all versions up to 3.6.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at least contribut...
CVE-2024-11906 TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress TPG Get Posts plugin <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin TPG Get Posts versions <= 3.6.5...
WordPress plugin TPG Get Posts cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...