CVE-2026-8048

The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

CVE-2026-4479

The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2026-5063

The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

CVE-2025-12125

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2016-1907

Malware in sbrugna...

EUVD-2017-6218

Malware in sbrugna...

EUVD-2015-1111

Malware in sbrugna...

EUVD-2023-58031

Malicious code in bioql PyPI...

EUVD-2023-12598

Malicious code in bioql PyPI...

EUVD-2023-51629

Malicious code in bioql PyPI...

EUVD-2024-32304

Malicious code in bioql PyPI...

EUVD-2023-49900

Malicious code in bioql PyPI...

EUVD-2024-34030

Malicious code in bioql PyPI...

CVE-2025-58216 WordPress WP Thumbtack Review Slider Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Thumbtack Review Slider wp-thumbtack-review-slider allows Stored XSS.This issue affects WP Thumbtack Review Slider: from n/a through = 2.6...

CVE-2025-7658

The Temporarily Hidden Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'temphc-start' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress DearFlip plugin <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' vulnerability

DOM-Based Reflected Cross-Site Scripting via 'pdf-source' vulnerability discovered by Martin Herancourt in WordPress Plugin DearFlip versions = 2.3.65...

WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin HT Mega – Absolute Addons for WPBakery Page Builder versions = 1.0.8...

CVE-2025-0353

The Divi Torque Lite – Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

CVE-2024-4000

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmhb' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...