36 matches found
EUVD-2026-34925
The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2017-18499
The simple-membership plugin before 3.5.7 for WordPress has XSS...
CVE-2023-31236
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin <= 3.5.7 versions...
EUVD-2019-6505
Malware in sbrugna...
EUVD-2022-43152
Malicious code in bioql PyPI...
EUVD-2024-34407
Malicious code in bioql PyPI...
EUVD-2023-44795
Malicious code in bioql PyPI...
EUVD-2023-23806
Malicious code in bioql PyPI...
EUVD-2025-5909
Malicious code in bioql PyPI...
EUVD-2025-13801
Malicious code in bioql PyPI...
EUVD-2024-51715
Malicious code in bioql PyPI...
CVE-2025-9854
The A Simple Multilanguage Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'asmp-switcher' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability
Remote Code Execution (RCE) Vulnerability discovered by theviper17 in WordPress Plugin Product XML Feed Manager for WooCommerce versions <= 2.9.3...
CVE-2025-7835 iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update
The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughtsaceupdateoptions' AJAX action. This makes it possible for unauthenticated attacke...
CVE-2025-6261 Fleetwire Fleet Management Plugin <= 1.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via fleetwire_list Shortcode
The Fleetwire Fleet Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fleetwire_list shortcode in all versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-27844 · WordPress · Wp Human Resource Management
Name of the Vulnerable Software and Affected Versions: WP Human Resource Management plugin for WordPress versions 2.0.0 through 2.2.17 Description: The issue arises from a missing authorization within the ajax delete employee function, allowing authenticated attackers with Employee-level access a...
CVE-2025-3702
CVE-2025-3702 describes a Missing Authorization (broken access control) vulnerability in the WordPress Melapress File Monitor plugin, affecting versions prior to 2.2.0. Multiple sources consolidate the same issue. The root cause is improperly configured access control levels that can be exploited...
WordPress LifterLMS plugin <= 8.0.6 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ChuongVN in WordPress Plugin LifterLMS versions <= 8.0.6...
WordPress plugin Beauty Contact Popup Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
CVE-2025-31889 WordPress Extensions for Elementor plugin <= 2.0.40 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40...