CVE-2026-2358

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpulikelikersbox shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of htmlentitydecode on shortcode attributes without subsequent output sanitization, which...

EUVD-2022-48696

Malicious code in bioql PyPI...

EUVD-2024-17522

Malicious code in bioql PyPI...

CVE-2024-7878

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-1572

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapperclass' attribute. This makes it possible for...

CVE-2024-6094

The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-1759

The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-7879

The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

Exploit for CVE-2025-32259

WP ULike ≤ 4.7.9.1 - Unauthenticated Content Spoof CVE-2025-3...

CVE-2024-12770

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-12770

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-12770

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-12770

CVE-2024-12770 affects the WP ULike WordPress plugin (versions before 4.7.6). An attacker with high privileges (e.g., admin) can trigger a Stored Cross-Site Scripting vulnerability due to unsanitized/escaped settings, even when unfiltered_html is disallowed (e.g., multisite). Impact per provided ...

CVE-2024-12770 WP ULike < 4.7.6 - Admin+ Stored XSS

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2025-21443 · WordPress · Wp Ulike

Name of the Vulnerable Software and Affected Versions: WP ULike WordPress plugin versions prior to 4.7.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for...

CVE-2024-1797

The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wpulikecounter' and 'wpulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied paramete...

CVE-2025-22738 WordPress WP ULike plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alimir WP ULike wp-ulike allows Stored XSS.This issue affects WP ULike: from n/a through = 4.7.6...

CVE-2024-7878 WP ULike < 4.7.4 - Admin+ Stored XSS

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6094

The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-1572 WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapperclass' attribute. This makes it possible for...