EUVD-2026-15841

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...

EUVD-2025-10578

Malicious code in bioql PyPI...

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners...

CVE-2025-4804

CVE-2025-4804 affects WatchGuard Fireware OS on Firebox devices, with a Stored XSS via the spamBlocker module. Affected versions are 12.0 through 12.11.1; exploitation requires an authenticated administrator session on a locally managed Firebox. Root cause is improper neutralization of input duri...

CVE-2025-32581

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects WordPress Spam Blocker: from n/a through = 2.0.5...

CVE-2025-32581

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects WordPress Spam Blocker: from n/a through = 2.0.5...

CVE-2025-32581

CVE-2025-32581 is a stored XSS vulnerability in WordPress Spam Blocker (WordPress plugin). The issue is described as a Cross-Site Request Forgery to Stored XSS affecting WordPress Spam Blocker versions up to and including 2.0.4. Public references (Wordfence vulnerability detail and related WordPr...

CVE-2025-32581 WordPress WordPress Spam Blocker Plugin <= 2.0.4 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ankit Singla WordPress Spam Blocker allows Stored XSS. This issue affects WordPress Spam Blocker: from n/a through 2.0.4...

CVE-2025-32581 WordPress WordPress Spam Blocker Plugin <= 2.0.5 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects WordPress Spam Blocker: from n/a through = 2.0.5...

WordPress WordPress Spam Blocker Plugin <= 2.0.5 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin WordPress Spam Blocker versions = 2.0.5...

PT-2025-15796 · WordPress · Ankit Singla Wordpress Spam Blocker

Name of the Vulnerable Software and Affected Versions: Ankit Singla WordPress Spam Blocker versions 2.0.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

WordPress plugin WordPress Spam Blocker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress WP Contact Form7 Email Spam Blocker plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Contact Form7 Email Spam Blocker versions = 1.0.0...

CVE-2024-13467

The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-13467

The CVE-2024-13467 entry concerns the WordPress plugin WP Contact Form7 Email Spam Blocker. A Reflected Cross-Site Scripting vulnerability exists in the post parameter for all versions up to and including 1.0.0, caused by insufficient input sanitization and output escaping. This allows unauthenti...

CVE-2024-13467 WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting

The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-13467 WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting

The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

Remotely Exploitable Bug in Truecaller Puts Over 100 Million Users at Risk

Security researchers have discovered a remotely exploitable vulnerability in Called ID app "Truecaller" that could expose personal details of Millions of its users. Truecaller is a popular service that claims to "search and identify any phone number," as well as helps users block incoming calls o...