27 matches found

RedhatCVE
added 3 days ago · 5 views

CVE-2026-3604

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_kcseo_ative_tab' parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.9 · AI score 5.7 · EPSS 0.00036
Exploits: 0 · References: 1
NVD
added 2026/05/12 9:16 a.m. · 4 views

CVE-2026-3604

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_kcseo_ative_tab' parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.9 · EPSS 0.00036
Exploits: 0 · References: 5
Cvelist
added 2026/05/12 7:48 a.m. · 31 views

CVE-2026-3604 WP SEO Structured Data Schema <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_kcseo_ative_tab' Parameter

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_kcseo_ative_tab' parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.9 · EPSS 0.00036
Exploits: 0 · References: 5
NVD
added 2026/01/22 5:16 p.m. · 3 views

CVE-2025-67626

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery. This issue affects WP SEO Search: from n/a through <= 1.1...

CVSS 4.3 · EPSS 0.00026
Exploits: 0 · References: 1
ATTACKERKB
added 2026/01/22 4:51 p.m. · 3 views

CVE-2025-67626

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery. This issue affects WP SEO Search: from n/a through <= 1.1...

CVSS 4.3 · AI score 5.3 · EPSS 0.00026
Exploits: 0 · References: 2
Cvelist
added 2026/01/22 4:51 p.m. · 15 views

CVE-2025-67626 WordPress WP SEO Search plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery. This issue affects WP SEO Search: from n/a through <= 1.1...

CVSS 4.3 · EPSS 0.00026
Exploits: 0 · References: 1
Vulnrichment
added 2026/01/22 4:51 p.m. · 3 views

CVE-2025-67626 WordPress WP SEO Search plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery. This issue affects WP SEO Search: from n/a through <= 1.1...

CVSS 4.3 · AI score 5.9 · EPSS 0.00026
Exploits: 0 · References: 1
CVE
added 2026/01/22 4:51 p.m. · 6 views

CVE-2025-67626

CVE-2025-67626 shows a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP SEO Search (wp-seo-search) by Angel Costa. Affected versions are WP SEO Search: from n/a through

CVSS 4.3 · AI score 5.4 · EPSS 0.00026
Exploits: 0 · References: 1
CNNVD
added 2026/01/22 12:0 a.m. · 2 views

WordPress plugin WP SEO Search has a vulnerability related to cross-site request forgery.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 · AI score 5.7 · EPSS 0.00026
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-44892

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 6.5 · EPSS 0.00257
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 7:23 p.m. · 1 views

CVE-2021-24832

The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVSS 4.3 · AI score 6.5 · EPSS 0.00103
Exploits: 2 · References: 1
NVD
added 2025/05/08 7:15 a.m. · 17 views

CVE-2025-4127

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · EPSS 0.00122
Exploits: 0 · References: 3
Vulnrichment
added 2025/05/08 6:39 a.m. · 7 views

CVE-2025-4127 WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · AI score 5.7 · EPSS 0.00122
Exploits: 0 · References: 3
Positive Technologies
added 2025/02/11 12:0 a.m. · 5 views

PT-2025-6151 · Meta · Imessenger

Name of the Vulnerable Software and Affected Versions: WP SEO Plugin (affected versions not specified). Description: The issue concerns a SQL injection in the WP SEO Plugin. There is also mention of a Denial of Service (DoS) vulnerability affecting Messenger Group Calls on iOS devices. Recommendations...

CVSS 8.8 · AI score 9.3 · EPSS 0.0098
Exploits: 1 · References: 37
NVD
added 2024/10/28 1:15 p.m. · 13 views

CVE-2024-50465

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection. This issue affects Premium SEO Pack: from n/a through 1.6.001...

CVSS 8.5 · EPSS 0.00257
Exploits: 0 · References: 1
Cvelist
added 2024/10/28 12:41 p.m. · 20 views

CVE-2024-50465 WordPress Premium SEO Pack plugin <= 1.6.001 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection. This issue affects Premium SEO Pack: from n/a through 1.6.001...

CVSS 8.5 · EPSS 0.00257
Exploits: 0 · References: 1
Vulnrichment
added 2024/01/22 7:14 p.m. · 10 views

CVE-2023-6290 WP SEO Press < 7.3 - Admin+ Stored XSS

The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

AI score 5.9 · EPSS 0.00078
Exploits: 2 · References: 1
NVD
added 2021/11/08 6:15 p.m. · 9 views

CVE-2021-24832

The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVSS 4.3 · EPSS 0.00103
Exploits: 2 · References: 1
Prion
added 2021/11/08 6:15 p.m. · 6 views

Cross site request forgery (csrf)

The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVSS 4.3 · AI score 4.5 · EPSS 0.00103
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2021/11/08 5:35 p.m. · 39 views

CVE-2021-24832

The CVE-2021-24832 entry describes a CSRF vulnerability in WordPress WP SEO Redirect 301 plugin (versions before 2.3.2). The issue arises when deleting redirects, allowing an authenticated attacker to induce a logged-in admin to perform deletions via CSRF. Affected component: the plugin’s redirec...

CVSS 4.3 · AI score 4.4 · EPSS 0.00103
Exploits: 2 · References: 1 · Affected Software: 1