90 matches found
CVE-2022-0814
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections...
EUVD-2023-33977
Malicious code in bioql PyPI...
EUVD-2025-24667
Malicious code in bioql PyPI...
EUVD-2023-57933
Malicious code in bioql PyPI...
CVE-2024-0566
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-1377
The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-4897
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...
CVE-2022-0836
The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...
CVE-2024-13865
The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
CVE-2024-0249
The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins...
PT-2025-21436 · WordPress · Affiliateimportereb
Name of the Vulnerable Software and Affected Versions: AffiliateImporterEb WordPress plugin versions 1.0.0 through 1.0.6 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back i...
CVE-2025-2055
The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2024-13862
The S3Bubble Media Streaming AWS|Elementor|YouTube|Vimeo Functionality WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13891
CVE-2024-13891 refers to the Schedule WordPress plugin (versions up to 1.0.0) where an unsanitized parameter is output back in the page, enabling Reflected XSS against high-privilege users (admin). Public-documented details confirm the vulnerability, but the connected documents do not provide a c...
CVE-2024-12878
The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-8682 · WordPress · Calendapp
Name of the Vulnerable Software and Affected Versions: CalendApp WordPress plugin versions 1.1 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could be...
PT-2025-8683 · WordPress · R3W Instafeed
Name of the Vulnerable Software and Affected Versions: R3W InstaFeed WordPress plugin version 1.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This could ...
CVE-2024-13223
The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13221 Fantastic Elasticsearch <= 4.1.0 - Reflected XSS
The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-7692 Flaming Forms <= 1.0.1 - Reflected XSS
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...