43 matches found
CVE-2023-4209
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks...
EUVD-2025-17296
Malicious code in bioql PyPI...
EUVD-2023-36359
Malicious code in bioql PyPI...
EUVD-2024-30271
Malicious code in bioql PyPI...
EUVD-2023-54083
Malicious code in bioql PyPI...
CVE-2025-49237
Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor poeditor allows Path Traversal. This issue affects POEditor: from n/a through <= 0.9.10...
CVE-2025-49237
Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor poeditor allows Path Traversal. This issue affects POEditor: from n/a through <= 0.9.10...
CVE-2025-49237 WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor poeditor allows Path Traversal. This issue affects POEditor: from n/a through <= 0.9.10...
CVE-2025-49237
Concrete details found: POEditor WordPress plugin vulnerability CVE-2025-49237 is a CSRF to arbitrary file deletion issue affecting POEditor versions up to 0.9.10. Wordfence reports the vulnerability as high risk (CVSS 7.4) with network attack vector, no privileges, user interaction required, and...
CVE-2025-49237 WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor poeditor allows Path Traversal. This issue affects POEditor: from n/a through <= 0.9.10...
WordPress plugin POEditor cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
PT-2025-24200 · Poeditor · Poeditor
Name of the Vulnerable Software and Affected Versions: POEditor versions 0.9.10 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Path Traversal in POEditor. Recommendations: For POEditor versions 0.9.10 and earlier, as a temporary workaround,...
CVE-2024-32453
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS. This issue affects POEditor: from n/a through 0.9.8...
CVE-2023-32091
Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin = 0.9.4 versions...
POEditor < 0.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The POEditor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-32453
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS. This issue affects POEditor: from n/a through 0.9.8...
CVE-2024-32453
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS. This issue affects POEditor: from n/a through 0.9.8...
CVE-2024-32453
CVE-2024-32453 : Stored XSS in the POEditor WordPress plugin (
CVE-2024-32453 WordPress POEditor plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS. This issue affects POEditor: from n/a through 0.9.8...
CVE-2024-32453 WordPress POEditor plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS. This issue affects POEditor: from n/a through 0.9.8...