Lucene search
K

3067 matches found

Nuclei
Nuclei
added yesterday18 views

Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...

6.1CVSS6.5AI score0.02072EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday31 views

WordPress Meta SEO <= 4.5.2 - Open Redirect

The WP Meta SEO WordPress plugin before 4.5.3 did not authorize several AJAX actions, which allowed low-privilege users to update certain data and resulted in an arbitrary redirect vulnerability. id: CVE-2023-0876 info: name: WordPress Meta SEO = 4.5.2 - Open Redirect author: Khalid6468 severity:...

6.1CVSS6.5AI score0.00713EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday84 views

Seo By 10Web < 1.2.7 - Cross-Site Scripting

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id:...

4.8CVSS6.6AI score0.00909EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday89 views

WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting

The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary...

6.1CVSS7.2AI score0.00594EPSS
Exploits1References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43080

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

6.1AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 6 days ago9 views

CVE-2026-15085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

5.4CVSS0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-15085 AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

0.00274EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-15085

The affected software is the Drupal AI SEO/GEO Analyzer module. It is vulnerable to Stored Cross‑site Scripting (XSS) in versions 0.0.0 through 1.1.3. The root cause, as described in the connected DRUPAL-SA-CONTRIB-2026-076 entry and PT-2026-56665, is that the module sends entity content (includi...

5.4CVSS6.1AI score0.00274EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-1667

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

7.2CVSS0.00186EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42949

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

7.2CVSS6.2AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 6 days ago8 views

CVE-2026-1667

The CVE concerns the SEO Plugin by Squirrly SEO for WordPress (up to version 14.0.0) with a vulnerability in savePost() that allows unauthenticated users to create arbitrary posts and, if Advanced Custom Fields is installed, to inject stored XSS scripts. Root cause is a leak of an API token and i...

7.2CVSS6.2AI score0.00186EPSS
Exploits0References2
The Hacker News
The Hacker News
added 6 days ago16 views

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan RAR called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware v...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56665

Name of the Vulnerable Software and Affected Versions Drupal AI SEO/GEO Analyzer versions 0.0.0 through 1.1.3 Description Stored Cross-site Scripting XSS occurs when the module generates SEO/GEO analysis reports by sending entity content, including comments, to a Large Language Model LLM. The...

6.1AI score0.00274EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 12:30 a.m.10 views

EUVD-2026-41784

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score0.001EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 10:16 p.m.12 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/05 9:44 p.m.8 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score0.001EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/05 9:44 p.m.28 views

CVE-2026-59520 WordPress CrawlWP SEO plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS0.001EPSS
Exploits0References1
CVE
CVE
added 2026/07/05 9:44 p.m.15 views

CVE-2026-59520

CVE-2026-59520 is a CSRF vulnerability in the WordPress plugin CrawlWP SEO (properfraction) affecting versions up to 3.0.16. Root cause: Cross-Site Request Forgery. Impact described as CSRF; CVSS 3.1 base score 4.3 (Medium). No exploitation details or patches documented in the provided sources. R...

4.3CVSS5.9AI score0.001EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.12 views

PT-2026-55827

Name of the Vulnerable Software and Affected Versions CrawlWP SEO versions prior to 3.0.17 Description A Cross-Site Request Forgery CSRF flaw exists in the CrawlWP SEO plugin. This issue allows an attacker to induce a victim into performing unwanted actions on the affected application...

4.3CVSS6AI score0.001EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 12:17 p.m.4 views

CVE-2026-57357

Unauthenticated Cross Site Scripting XSS in Search Atlas SEO = 2.6.6 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Rows per page
Query Builder