
41 matches found

Vulnrichment
added 2026/03/21 3:26 a.m. · 1 view

CVE-2026-1378 WP Posts Re-order <= 1.0 - Cross-Site Request Forgery to Settings Update

The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the cptpluginoptions function. This makes it possible for unauthenticated attackers to update the plugin settings including...

CVSS 4.3 · AI score 5.7 · EPSS 0.00016
Exploits: 0 · References: 3
NVD
added 2026/01/17 3:16 a.m. · 2 views

CVE-2025-12002

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...

CVSS 5.9 · EPSS 0.00247
Exploits: 0 · References: 7
ATTACKERKB
added 2026/01/17 2:22 a.m. · 2 views

CVE-2025-12002

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...

CVSS 5.9 · AI score 5.6 · EPSS 0.00247
Exploits: 0 · References: 8
EUVD
added 2026/01/17 2:22 a.m. · 3 views

EUVD-2026-3158

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...

CVSS 5.9 · AI score 5.6 · EPSS 0.00247
Exploits: 0 · References: 9
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-8292

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 9 · EPSS 0.00237
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-11306

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 7.3 · EPSS 0.00237
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-8572

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 9 · EPSS 0.00277
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-17125

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.5 · EPSS 0.00336
Exploits: 0 · References: 2
CVE
added 2025/06/20 3:3 p.m. · 12 views

CVE-2025-52802

CVE-2025-52802 describes a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin “Import YouTube videos as WP Posts” (versions n/a–2.1). The issue arises from incorrectly configured access control, enabling unauthorized actions that affect WP Posts created via the pl...

CVSS 7.5 · AI score 5.9 · EPSS 0.00229
Exploits: 0 · References: 1
RedhatCVE
added 2025/06/08 11:58 a.m. · 3 views

CVE-2025-39358

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection. This issue affects WP Posts Carousel: from n/a through <= 1.3.12...

CVSS 8.8 · AI score 5.9 · EPSS 0.00336
Exploits: 0 · References: 1
NVD
added 2025/06/06 12:15 p.m. · 4 views

CVE-2025-39358

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection. This issue affects WP Posts Carousel: from n/a through <= 1.3.12...

CVSS 8.8 · EPSS 0.00336
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/06 11:47 a.m. · 2 views

CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection. This issue affects WP Posts Carousel: from n/a through <= 1.3.12...

CVSS 8.8 · AI score 5.2 · EPSS 0.00336
Exploits: 0 · References: 1
CVE
added 2025/06/06 11:47 a.m. · 33 views

CVE-2025-39358

CVE-2025-39358 affects WordPress plugin WP Posts Carousel (versions up to and including 1.3.12). The vulnerability is Deserialization of Untrusted Data leading to PHP Object Injection, reported for authenticated contexts (Contributor+). Patchstack and CVE records indicate the issue is fixed in ve...

CVSS 8.8 · AI score 5.9 · EPSS 0.00336
Exploits: 0 · References: 1
Cvelist
added 2025/06/06 11:47 a.m. · 11 views

CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection. This issue affects WP Posts Carousel: from n/a through <= 1.3.12...

CVSS 8.8 · EPSS 0.00336
Exploits: 0 · References: 1
Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24078 · WordPress · Wp Posts Carousel

Name of the Vulnerable Software and Affected Versions: WP Posts Carousel versions 1.3.12 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in WP Posts Carousel. Recommendations: For WP Posts Carousel versions 1.3.12 and earlier, upda...

CVSS 8.8 · AI score 8.5 · EPSS 0.00336
Exploits: 0 · References: 6
RedhatCVE
added 2025/04/25 10:57 p.m. · 8 views

CVE-2025-39573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through <= 1.3.10...

CVSS 6.5 · AI score 7.2 · EPSS 0.00237
Exploits: 0 · References: 1
NVD
added 2025/04/16 1:15 p.m. · 3 views

CVE-2025-39573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through <= 1.3.10...

CVSS 6.5 · EPSS 0.00237
Exploits: 0 · References: 1
CVE
added 2025/04/16 12:44 p.m. · 44 views

CVE-2025-39573

CVE-2025-39573 affects the WordPress plugin WP Posts Carousel up to version 1.3.10, with a stored XSS flaw caused by improper input neutralization during web page generation. The vulnerability has been characterized with CVSS v3.1 base score 6.5 (Medium) by Patchstack/Wordfence assessments. Publi...

CVSS 6.5 · AI score 7.2 · EPSS 0.00237
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/16 12:44 p.m. · 8 views

CVE-2025-39573 WordPress WP Posts Carousel <= 1.3.10 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.10...

CVSS 6.5 · AI score 6.9 · EPSS 0.00237
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/16 12:0 a.m. · 3 views

PT-2025-16601 · WordPress · Wp Posts Carousel

Name of the Vulnerable Software and Affected Versions: WP Posts Carousel versions 1.3.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For WP...

CVSS 6.5 · AI score 6.6 · EPSS 0.00237
Exploits: 0 · References: 3