SEOPress < 7.9 - Authentication Bypass

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present. id:...

CVE-2026-57430

Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...

EUVD-2026-39738

Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...

CVE-2026-57430

CVE-2026-57430 : WordPress SEOPress PRO plugin versions ≤ 9.1.1 have a Broken Access Control vulnerability. Context: CVSS v3.1 base score 4.3 (MEDIUM); attack vector Network , complexity Low , privileges required Low , user interaction None ; impact in confidentiality, integrity, availability as ...

CVE-2026-57430 WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability

Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...

WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD Shariful Islam in WordPress Plugin SEOPress PRO versions = 9.1.1...

WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress SEOPress - On-site SEO plugin = 7.5.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin SEOPress versions = 7.5.2.1...

CVE-2024-34383

Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1...

CVE-2024-2165

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access...

EUVD-2021-21291

Malware in sbrugna...

EUVD-2024-44882

Malicious code in bioql PyPI...

EUVD-2024-44881

Malicious code in bioql PyPI...

EUVD-2024-16907

Malicious code in bioql PyPI...

EUVD-2025-25370

Malicious code in bioql PyPI...

EUVD-2024-27129

Malicious code in bioql PyPI...

EUVD-2024-16936

Malicious code in bioql PyPI...

EUVD-2024-44883

Malicious code in bioql PyPI...

EUVD-2024-49804

Malicious code in bioql PyPI...

EUVD-2024-34755

Malicious code in bioql PyPI...

CVE-2025-48298

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File Inclusion.This issue affects SEOPress for MainWP: from n/a through = 1.4...