3067 matches found
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...
WordPress Meta SEO <= 4.5.2 - Open Redirect
The WP Meta SEO WordPress plugin before 4.5.3 did not authorize several AJAX actions, which allowed low-privilege users to update certain data and resulted in an arbitrary redirect vulnerability. id: CVE-2023-0876 info: name: WordPress Meta SEO = 4.5.2 - Open Redirect author: Khalid6468 severity:...
Seo By 10Web < 1.2.7 - Cross-Site Scripting
The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id:...
WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting
The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary...
EUVD-2026-43080
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...
CVE-2026-15085
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...
CVE-2026-15085 AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...
CVE-2026-15085
The affected software is the Drupal AI SEO/GEO Analyzer module. It is vulnerable to Stored Cross‑site Scripting (XSS) in versions 0.0.0 through 1.1.3. The root cause, as described in the connected DRUPAL-SA-CONTRIB-2026-076 entry and PT-2026-56665, is that the module sends entity content (includi...
CVE-2026-1667
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
EUVD-2026-42949
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2026-1667
The CVE concerns the SEO Plugin by Squirrly SEO for WordPress (up to version 14.0.0) with a vulnerability in savePost() that allows unauthenticated users to create arbitrary posts and, if Advanced Custom Fields is installed, to inject stored XSS scripts. Root cause is a leak of an API token and i...
New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan RAR called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware v...
PT-2026-56665
Name of the Vulnerable Software and Affected Versions Drupal AI SEO/GEO Analyzer versions 0.0.0 through 1.1.3 Description Stored Cross-site Scripting XSS occurs when the module generates SEO/GEO analysis reports by sending entity content, including comments, to a Large Language Model LLM. The...
EUVD-2026-41784
Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...
CVE-2026-59520
Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...
CVE-2026-59520
Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...
CVE-2026-59520 WordPress CrawlWP SEO plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...
CVE-2026-59520
CVE-2026-59520 is a CSRF vulnerability in the WordPress plugin CrawlWP SEO (properfraction) affecting versions up to 3.0.16. Root cause: Cross-Site Request Forgery. Impact described as CSRF; CVSS 3.1 base score 4.3 (Medium). No exploitation details or patches documented in the provided sources. R...
PT-2026-55827
Name of the Vulnerable Software and Affected Versions CrawlWP SEO versions prior to 3.0.17 Description A Cross-Site Request Forgery CSRF flaw exists in the CrawlWP SEO plugin. This issue allows an attacker to induce a victim into performing unwanted actions on the affected application...
CVE-2026-57357
Unauthenticated Cross Site Scripting XSS in Search Atlas SEO = 2.6.6 versions...