53 matches found
EUVD-2026-42949
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
CVE-2026-3604
The CVE-2026-3604 entry concerns the WordPress plugin WP SEO Structured Data Schema (versions up to and including 2.8.1). The vulnerability is a Stored Cross‑Site Scripting (XSS) via the _kcseo_ative_tab parameter, caused by insufficient input sanitization and output escaping. Attackers with Cont...
CVE-2026-3604 WP SEO Structured Data Schema <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_kcseo_ative_tab' Parameter
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress SEO Help plugin <= 6.1.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin SEO Help versions = 6.1.3...
CVE-2025-67626
Cross-Site Request Forgery CSRF vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through = 1.1...
CVE-2025-68019 WordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through = 6.1.8...
PT-2026-4019
Name of the Vulnerable Software and Affected Versions Angel Costa WP SEO Search versions through 1.1 Description The software contains a Cross-Site Request Forgery CSRF flaw. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge...
CVE-2025-62097
CVE-2025-62097 — SEO Slider (SEOthemes) WordPress plugin suffers a DOM-based XSS due to improper input neutralization during page generation. The vulnerability is reported as an authenticated (Contributor+ or higher) Stored Cross-Site Scripting, with CVSS v3.1 base score 6.5 (MEDIUM). Wordfence n...
CVE-2025-60059 WordPress smart SEO theme <= 2.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from n/a through = 2.12...
EUVD-2012-6534
Malware in sbrugna...
EUVD-2015-2390
Malware in sbrugna...
EUVD-2021-11308
Malware in sbrugna...
EUVD-2024-32140
Malicious code in bioql PyPI...
CVE-2025-53456 WordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Cross Site Request Forgery.This issue affects SEO Backlink Monitor: from n/a through = 1.8.0...
CVE-2025-4611
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slimseobreadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-3287
The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...
CVE-2025-30984 WordPress SEO Tools plugin <= 4.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a through = 4.0.7...
CVE-2025-32675 WordPress SEO Help plugin <= 6.6.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0...
CVE-2025-32675
CVE-2025-32675 affects the WordPress SEO Help plugin (QuantumCloud SEO Help) up to version 6.6.0; a Server-Side Request Forgery (SSRF) vulnerability exists that can be triggered by an authenticated administrator. Impact: confidentiality may be exposed; CVSS 3.1 base score 6.8. Remediation: update...