CVE-2026-2358

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpulikelikersbox shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of htmlentitydecode on shortcode attributes without subsequent output sanitization, which...

CVE-2026-0909

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

CVE-2023-45640

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin = 4.6.8 versions...

EUVD-2018-1906

Malware in sbrugna...

EUVD-2018-1909

Malware in sbrugna...

EUVD-2025-2956

Malicious code in bioql PyPI...

EUVD-2022-48696

Malicious code in bioql PyPI...

EUVD-2023-49932

Malicious code in bioql PyPI...

EUVD-2024-17522

Malicious code in bioql PyPI...

EUVD-2025-10446

Malicious code in bioql PyPI...

PT-2025-34960

Name of the Vulnerable Software and Affected Versions: WP ULike Pro versions prior to 1.9.4 Description: The WP ULike Pro plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the WP Ulike Pro File Uploader class. This allows unauthenticated...

CVE-2025-22738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alimir WP ULike wp-ulike allows Stored XSS.This issue affects WP ULike: from n/a through = 4.7.6...

CVE-2024-7878

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-1572

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapperclass' attribute. This makes it possible for...

CVE-2024-6094

The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-1759

The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-7879

The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

Exploit for CVE-2025-32259

WP ULike ≤ 4.7.9.1 - Unauthenticated Content Spoof CVE-2025-3...

CVE-2024-12770

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-12770

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...