WordPress多款产品 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Meteor Page Speed Optimization Topping versions = 3.4.16...

PT-2026-35910

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend rewrite' function's 'WPMETEORNWPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping...

Pentora

Pentora v1.0 Pentora is a terminal-first web vulnerability...

EUVD-2025-201539

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...

EUVD-2024-49428

Malicious code in bioql PyPI...

EUVD-2023-56795

Malicious code in bioql PyPI...

CVE-2023-26543

Cross-Site Request Forgery CSRF vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin = 3.1.4 versions...

CVE-2024-8800 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting

The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and...

CVE-2024-8800 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting

The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and...

CVE-2024-6553

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3.This is due to the plugin utilizing wpdesk and leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to...

WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.3 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin WP Meteor Page Speed Optimization Topping versions = 3.4.3...

Best Practices for Optimizing Web Development Standards for Media Sites

By Owais Sultan Boost user engagement and SEO ranking with these key web development practices for media sites. Discover responsive design, page speed optimization, user-friendly CMS, SEO structure, and accessibility best practices. This is a post from HackRead.com Read the original post: Best...

CVE-2023-52121

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

CVE-2023-52121

Mode C: A CSRF vulnerability is present in NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images (WordPress plugin). Affected versions are up to 1.10.2; the OpenVAS entry indicates the issue exists in NitroPack versions prior to 1.10.3. The vulnerabi...

CVE-2023-52121 WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

CVE-2023-26543

Cross-Site Request Forgery CSRF vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin = 3.1.4 versions...

CVE-2023-26543

Cross-Site Request Forgery CSRF vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin = 3.1.4 versions...

CVE-2023-26543

CVE-2023-26543 affects the WP Meteor Website Speed Optimization Addon for WordPress, versioned