CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-7624 SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

EUVD-2026-34956

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

PT-2026-47140

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

EUVD-2020-29765

Malware in sbrugna...

WordPress Search Console Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Search Console Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a4be5ffaaaab Credits Rafie Muhammad Patchstack Required...

Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console Access

This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. PoC Steps to reproduce: 1. Log in as a subscriber on target WordPress site. 2. View the page source of /wp-admin and command+f to search...

Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console Access

This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. Steps to reproduce: 1. Log in as a subscriber on target WordPress site. 2. View the page source of /wp-admin and command+f to search for...

Google URL Inspection Tool flaw lets anyone inspect URLs without authorization

By Waqas Last year, Google launched its URL Inspection Tool for webmasters using Search Console. The purpose of this tool is to provide information about Google's indexed version of a specific page. However, now, a UK-based Search Engine Optimization SEO specialist Oliver HG Mason has discovered...

Google Chrome 71 Touts 43 Fixes, Fights Ad Abuse

Google officially lifted the curtain on Chrome 71 for Windows, Mac and Linux on Tuesday. The latest browser version touts new security features and a slew of fixes. Overall, Google issued 43 patches with the security update for Chrome 71. The newest version, 71.0.3578.80, included an array of hig...

WordPress Yoast SEO Cross Site Scripting

Discoverer: Elias Dimopoulos Linkedin: https://gr.linkedin.com/in/dimopouloselias Vulnerability: Reflected XSS Affected plugin: Yoast SEO plugin alertwindow.location!-- The victim has to have a valid profile under http://victim/wp-admin/admin.php?page=wpseosearchconsole&tab=settings example:...

WordPress Yoast SEO Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Yoast SEO plugin is one of the search engine optimization plugin. A cross-site scripting vulnerability exists in th...

Google Shares Android Nougat, Safe Browsing Security Enhancements

Google this week shared with developers security enhancements it has added to the new Nougat version of Android and additional security features for webmasters via Safe Browsing to help pinpoint harmful content on websites. Under the banner of its nine-year-long Safe Browsing initiative, Google...