EUVD-2026-36138

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

CVE-2026-53737

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

CVE-2026-53737 Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

CVE-2026-53737

CVE-2026-53737 affects Juicer (through 1.12.18). The vulnerability is a Stored Cross-Site Scripting (XSS) due to unescaped remote feed API response fields on the admin settings page; when the page loads, an attacker controlling the connected feed data can inject script that runs in an administrat...

CVE-2026-53737 Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

PT-2026-48551

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Internal Link Juicer: SEO Auto Linker for WordPress versions = 2.24.6...

adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2026-6605 via agentscope (>=0.1.0 <=2.0.0)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2026-6605 Source advisory: SNYK:PYTHON-AGENTSCOPE-16318345...

EUVD-2023-12261

Malicious code in bioql PyPI...

EUVD-2024-16449

Malicious code in bioql PyPI...

EUVD-2024-36898

Malicious code in bioql PyPI...

Malicious code in juicer-plugin (npm)

The package juicer-plugin was found to contain malicious code...

MAL-2025-23993 Malicious code in juicer-plugin (npm)

The package juicer-plugin was found to contain malicious code...

CVE-2024-37941

Cross-Site Request Forgery CSRF vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3...

CVE-2024-0657

The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'iljsettingsfieldlinksperpage' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes i...

CVE-2023-0172

The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-8489 via agentscope (>=0.1.0 <=2.0.0)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-8489 Source advisory: SNYK:PYTHON-AGENTSCOPE-9599695...

adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-48050 via agentscope (>=0.1.0 <=2.0.0)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-48050 Source advisory: SNYK:PYTHON-AGENTSCOPE-8344260...

CVE-2024-37941

Cross-Site Request Forgery CSRF vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3...

CVE-2024-37941

CVE-2024-37941 is a CSRF vulnerability in the Internal Link Juicer: SEO Auto Linker for WordPress plugin, affecting the 2.24.3 release and earlier. The CVSS v3.1 base score is 4.3 (Medium). Public exploit details are not provided in the connected documents; remediation would be upgrading to 2.24....