CVE-2026-39644 WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through = 2.3.8...

CVE-2026-24600

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through = 3.5...

CVE-2026-24600 WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through = 3.5...

CVE-2026-24600 WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through = 3.5...

CVE-2026-24361

CVE-2026-24361 is a Stored XSS in the WordPress plugin LearnPress – Course Review, affected versions 4.1.9) or apply vendor-provided fixes. If upgrading, verify the plugin is updated to a version where the XSS is addressed. Other connected advisories corroborate the same vulnerability descriptio...

CVE-2025-14118

The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHPSELF variable in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-14118 Starred Review <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable

The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHPSELF variable in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-14118

CVE-2025-14118 (Starred Review - WordPress) is a Reflected Cross-Site Scripting vulnerability in the Starred Review plugin for WordPress, affecting versions up to 1.4.2. The issue arises from insufficient input sanitization and output escaping around PHP_SELF, enabling unauthenticated attackers t...

CVE-2025-63057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through = 2.3.7...

CVE-2025-53573 WordPress Epic Review Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme Epic Review epic-review allows Reflected XSS.This issue affects Epic Review: from n/a through = 1.0.2...

CVE-2025-53573 WordPress Epic Review Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme Epic Review epic-review allows Reflected XSS.This issue affects Epic Review: from n/a through = 1.0.2...

WordPress plugin Epic Review 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2019-19364

Malware in sbrugna...

EUVD-2025-13882

Malicious code in bioql PyPI...

EUVD-2025-14226

Malicious code in bioql PyPI...

EUVD-2023-50346

Malicious code in bioql PyPI...

WordPress Epic Review Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Epic Review versions = 1.0.2...

CVE-2025-2158

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-2158

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-2158 WordPress Review Plugin: The Ultimate Solution for Building a Review Website <= 5.3.5 - Authenticated (Contributor+) Local File Inclusion via Post Custom Fields

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and...