CVE-2017-18554

The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event...

EUVD-2015-9334

Malware in sbrugna...

EUVD-2021-11185

Malware in sbrugna...

EUVD-2017-9616

Malware in sbrugna...

EUVD-2017-9695

Malware in sbrugna...

EUVD-2016-1989

Malware in sbrugna...

EUVD-2015-9241

Malware in sbrugna...

EUVD-2021-11210

Malware in sbrugna...

EUVD-2023-28067

Malicious code in bioql PyPI...

WordPress StreamWeasels YouTube Integration plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gai Tanaka in WordPress Plugin StreamWeasels YouTube Integration versions = 1.4.0...

WordPress CRM and Lead Management by vcita plugin <= 2.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via type Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin CRM and Lead Management by vcita versions = 2.7.5...

WordPress Gutentor plugin <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Gutentor versions = 3.4.8...

WordPress Live Stream Badger plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Live Stream Badger versions = 1.4.3...

CVE-2025-6997 ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trxaddonsgetsvgfromfile function on an...

WordPress FoodMenu <= 1.20 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin FoodMenu versions = 1.20...

WordPress WPAdverts plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin WPAdverts versions = 2.2.5...

CVE-2025-48345

CVE-2025-48345 : Reflected XSS in the WordPress plugin Contact Form 7 Editor Button (versions ≤ 1.0.0). Root cause is improper input neutralization during web page generation, enabling a reflected payload to run in a victim’s browser. Affected software is the Contact Form 7 Editor Button plugin f...

WordPress Gwolle Guestbook plugin <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting via `gwolle_gb_content` Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via gwollegbcontent Parameter vulnerability discovered by zer0gh0st in WordPress Plugin Gwolle Guestbook versions = 4.9.2...

WordPress Infility Global plugin <= 2.13.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by astra.r3verii in WordPress Plugin Infility Global versions = 2.13.4...

CVE-2025-24771 WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Content Manager Light allows Reflected XSS. This issue affects Content Manager Light: from n/a through 3.2...