EUVD-2026-33744

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

CVE-2023-49820

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gordon Böhme, Antonio Leutsch Structured Content JSON-LD wpsc allows Stored XSS.This issue affects Structured Content JSON-LD wpsc: from n/a through 1.5.3...

CVE-2023-49819

Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content JSON-LD wpsc.This issue affects Structured Content JSON-LD wpsc: from n/a through 1.5.3...

WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via scfslocalbusiness Shortcode vulnerability discovered by shaman0x01 - Shaman Red Team in WordPress Plugin Structured Content versions = 1.6.3...

EUVD-2024-40199

Malicious code in bioql PyPI...

EUVD-2022-52027

Malicious code in bioql PyPI...

EUVD-2025-8291

Malicious code in bioql PyPI...

EUVD-2025-24669

Malicious code in bioql PyPI...

EUVD-2024-22202

Malicious code in bioql PyPI...

EUVD-2023-53728

Malicious code in bioql PyPI...

CVE-2025-3414

The Structured Content JSON-LD wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Structured Content plugin < 1.7.0 - Contributor Stored XSS vulnerability

Contributor Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Structured Content versions 1.7.0...

CVE-2025-3414

The Structured Content JSON-LD wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-3414

CVE-2025-3414 affects WordPress plugin Structured Content (JSON-LD) for the wpsc block, vulnerable before 1.7.0. The issue is that block options are not consistently validated/escaped before being output in a page/post where the block is embedded, enabling stored XSS by users with contributor rol...

CVE-2025-3414 Structured Content < 1.7.0 - Contributor Stored XSS

The Structured Content JSON-LD wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-3414 Structured Content < 1.7.0 - Contributor Stored XSS

The Structured Content JSON-LD wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2025-33125 · WordPress · Structured Content (Json-Ld) #Wpsc

Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD wpsc WordPress plugin versions prior to 1.7.0 Description: The Structured Content JSON-LD wpsc WordPress plugin does not validate and escape certain block options before displaying them within a page or post,...

WordPress plugin Structured Content (JSON-LD) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL.WordPress plugin is an...

WordPress structured content cross-site scripting vulnerability

WordPress structured content is a technology that improves search result display and click-through rates by optimizing semantic markup of web page elements e.g., titles, descriptions, images, etc. to enhance search engine understanding of page content. A cross-site scripting vulnerability exists ...

CVE-2025-4608

The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scfslocalbusiness shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...