CVE-2026-10753 Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

EUVD-2016-1864

Malware in sbrugna...

EUVD-2023-30311

Malicious code in bioql PyPI...

WordPress plugin Photo Express for Google 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress Events Calendar for Google plugin <= 2.1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Events Calendar for Google versions = 2.1.0...

WordPress Events Calendar for Google Plugin <= 2.1.0 is vulnerable to Local File Inclusion

Software Events Calendar for Google Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38716 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 305987aedf95 Credits João Pedro S Alcântar...

Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update

Description The Events Rich Snippets for Google plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8. This is due to missing or incorrect nonce validation on the handleEventSettings function. This makes it possible for unauthenticated attackers to...

CVE-2023-26514

Cross-Site Request Forgery CSRF vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin = 1.3.3 versions...

CVE-2023-26514

CVE-2023-26514 is a CSRF vulnerability in the WordPress plugin WPGrim Dynamic XML Sitemaps Generator for Google (versions

WordPress Events Rich Snippets for Google Plugin <= 1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Events Rich Snippets for Google Type Plugin Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-44478 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID cd6a8e204b56 Credits Mika...

Information disclosure

The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0 This is due to the lack of capability checks on the adminenqueuescripts action which displays the connection key. This makes it possible for authenticated attacker...

CVE-2020-8934 Site Kit by Google plugin for WordPress

The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0 This is due to the lack of capability checks on the adminenqueuescripts action which displays the connection key. This makes it possible for authenticated attacker...

CVE-2021-36912

Stored Cross-Site Scripting XSS vulnerability in Andrea Pernici News Sitemap for Google plugin = 1.0.16 on WordPress, attackers must have contributor or higher user role...

CVE-2021-36912

The CVE-2021-36912 entry affects the WordPress plugin News Sitemap for Google (plugin version

Cross site scripting

The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...

Overlay Malware Exploits Chrome Browser, Targets Banks and Heads to Spain

Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a type of remote overlay banking trojan, designed to help attackers overtake devices and display a full-screen overlay image...

google_spider

This plugin finds new URLs using google. It will search for "site:domain.com" and do GET requests all the URLs found in the result. One configurable parameter exists: resultlimit Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- resultlimit | integer |...