25 matches found
CVE-2026-22210 wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...
CVE-2026-22210
CVE-2026-22210 affects the WordPress plugin wpDiscuz prior to version 7.6.47. The issue is a cross-site scripting (XSS) vulnerability in the WpdiscuzHelperUpload class that allows injecting arbitrary JavaScript into image and anchor tag attributes via unescaped attachment URLs in HTML output. Att...
CVE-2025-13820
The Comments WordPress plugin before 7.6.40 does not properly validate a user's identity when using the disqus.com provider, allowing an attacker who knows a user's email address to log in as that user when the user does not yet have an account on disqus.com...
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard...
CVE-2025-12094 OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing
The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...
EUVD-2018-3555
Malware in sbrugna...
EUVD-2025-30464
Malicious code in bioql PyPI...
CVE-2025-3919 WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings...
CVE-2024-31235
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.5...
CVE-2022-2398
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-54406 WordPress Comments On Feed plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in moallemi Comments On Feed comments-on-feed allows Reflected XSS. This issue affects Comments On Feed: from n/a through <= 1.2.1...
CVE-2024-54406 WordPress Comments On Feed plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Reza Moallemi Comments On Feed allows Reflected XSS. This issue affects Comments On Feed: from n/a through 1.2.1...
WordPress WordPress Comments Import & Export Plugin <= 2.3.7 is vulnerable to Directory Traversal
Software: WordPress Comments Import & Export; Type: Plugin; Vulnerable versions: <= 2.3.7; Fixed in: 2.3.9; OWASP Top 10: A3: Injection; Classification: Directory Traversal; CVE: CVE-2024-7514; Patch priority: Low; CVSS severity: Low (4.9); PSID: 06055d28d8b6; Credits: scottaglia; Required...
PT-2024-37811 · WordPress · Wpdiscuz
Name of the Vulnerable Software and Affected Versions: The Comments – wpDiscuz plugin for WordPress versions prior to 7.6.22 Description: The issue is related to HTML Injection due to a lack of filtering of HTML tags in comments. This allows unauthenticated attackers to add HTML, such as...
WordPress Comments Evolved for WordPress Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)
Software: Comments Evolved for WordPress; Type: Plugin; Vulnerable versions: <= 1.6.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34420; Patch priority: Low; CVSS severity: Low (5.9); PSID: ad6d473680e3; Credits: Sharanabasappa; Required...
WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin WordPress Comments Import & Export (versions <= 2.3.5)...
WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Broken Access Control
Software: WordPress Comments Fields; Type: Plugin; Vulnerable versions: <= 5.0; Fixed in: 5.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0829; Patch priority: Low; CVSS severity: Low (4.3); PSID: cdb4c1c8e480; Credits: Francesco Carlucci...
WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WordPress Comments Fields; Type: Plugin; Vulnerable versions: <= 5.0; Fixed in: 5.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0830; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9c14d6f7a75c; Credits: Francesco...
WordPress Comments Like Dislike Plugin <= 1.2.2 is vulnerable to Bypass Vulnerability
Software: Comments Like Dislike; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2024-25906; Patch priority: Low; CVSS severity: Low (4.3); PSID: a646d3bbd927; Credits: Mika; Required privilege...
CVE-2022-45370 WordPress WordPress Comments Import & Export plugin <= 2.3.1 - CSV Injection
A vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce. This issue affects Comments Import & Export: from n/a through <= 2.3.1...