CVE-2025-14941

The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...

CVE-2025-14941

The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...

CVE-2025-14941

The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...

WordPress GZSEO plugin <= 2.0.11 - Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Authorization Bypass to Stored Cross-Site Scripting vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin GZSEO versions = 2.0.11...

WordPress plugin GZSEO has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-64104

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVE-2025-64104

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

EUVD-2021-21305

Malware in sbrugna...

EUVD-2008-0675

Malware in sbrugna...

EUVD-2025-3442

Malicious code in bioql PyPI...

EUVD-2023-0754

Malicious code in bioql PyPI...

EUVD-2024-27748

Malicious code in bioql PyPI...

EUVD-2023-0800

Malicious code in bioql PyPI...

CVE-2024-50446

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FuturioWP Futurio Extra futurio-extra.This issue affects Futurio Extra: from n/a through = 2.0.11...

CVE-2024-43127

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11...

CVE-2025-23810

Cross-Site Request Forgery CSRF vulnerability in Igor Sazonov Len Slider len-slider allows Reflected XSS.This issue affects Len Slider: from n/a through = 2.0.11...

CVE-2025-23810 WordPress Len Slider Plugin <= 2.0.11 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Igor Sazonov Len Slider len-slider allows Reflected XSS.This issue affects Len Slider: from n/a through = 2.0.11...

PT-2025-3714 · WordPress · Estatik Mortgage Calculator

Name of the Vulnerable Software and Affected Versions: Estatik Mortgage Calculator plugin for WordPress versions up to, and including, 2.0.11 Description: The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the color parameter due to insufficie...

WordPress plugin Futurio Extra 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-25852

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights...