51 matches found
CVE-2026-3604 WP SEO Structured Data Schema <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_kcseo_ative_tab' Parameter
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _kcseo_ative_tab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3604
The CVE-2026-3604 entry concerns the WordPress plugin WP SEO Structured Data Schema (versions up to and including 2.8.1). The vulnerability is a Stored Cross‑Site Scripting (XSS) via the _kcseo_ative_tab parameter, caused by insufficient input sanitization and output escaping. Attackers with Cont...
WordPress SEO Help plugin <= 6.1.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin SEO Help versions <= 6.1.3...
CVE-2025-67626
Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search (wp-seo-search) allows Cross Site Request Forgery. This issue affects WP SEO Search: from n/a through <= 1.1...
CVE-2025-68019 WordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in cleverplugins SEO Booster (seo-booster) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Booster: from n/a through <= 6.1.8...
PT-2026-4019
Name of the Vulnerable Software and Affected Versions: Angel Costa WP SEO Search versions through 1.1. Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge...
CVE-2025-62097
CVE-2025-62097 — SEO Slider (SEOthemes) WordPress plugin suffers a DOM-based XSS due to improper input neutralization during page generation. The vulnerability is reported as an authenticated (Contributor+ or higher) Stored Cross-Site Scripting, with CVSS v3.1 base score 6.5 (MEDIUM). Wordfence n...
CVE-2025-60059 WordPress smart SEO theme <= 2.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO (smartSEO) allows PHP Local File Inclusion. This issue affects smart SEO: from n/a through <= 2.12...
EUVD-2021-11308
Malware in sbrugna...
EUVD-2012-6534
Malware in sbrugna...
EUVD-2015-2390
Malware in sbrugna...
EUVD-2024-32140
Malicious code in bioql PyPI...
CVE-2025-53456 WordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor (seo-backlink-monitor) allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through <= 1.8.0...
CVE-2025-4611
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-3287
The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...
CVE-2025-30984 WordPress SEO Tools plugin <= 4.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dzynit SEO Tools (seo-automatic-seo-tools) allows Reflected XSS. This issue affects SEO Tools: from n/a through <= 4.0.7...
CVE-2025-32675
CVE-2025-32675 affects the WordPress SEO Help plugin (QuantumCloud SEO Help) up to version 6.6.0; a Server-Side Request Forgery (SSRF) vulnerability exists that can be triggered by an authenticated administrator. Impact: confidentiality may be exposed; CVSS 3.1 base score 6.8. Remediation: update...
CVE-2025-32675 WordPress SEO Help plugin <= 6.6.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0...
WordPress SEO Manager Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)
Software: SEO Manager; Type: Plugin; Vulnerable versions: <= 1.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9521; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 00863c67821a; Credits: István Márton; Required privilege...
WordPress plugin Premium SEO Pack – WP SEO Plugin information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin Premium S...