Exploit for CVE-2026-8832

EXPLOIT CVE-2026-8832 !Bannerhttps://img.shields.io/badge/...

WordPress WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager plugin <= 2.3.5 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Win3 in WordPress Plugin WPCode versions = 2.3.5...

CVE-2026-8832

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...

CVE-2026-8832 WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...

CVE-2026-8832

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...

PT-2026-43573

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capability type or capability...

WordPress plugin WPCode 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-49944

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonatan Jumbert WPCode Content Ratio wpcode-content-ratio allows Reflected XSS.This issue affects WPCode Content Ratio: from n/a through = 2.0...

CVE-2025-49944 WordPress WPCode Content Ratio plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonatan Jumbert WPCode Content Ratio wpcode-content-ratio allows Reflected XSS.This issue affects WPCode Content Ratio: from n/a through = 2.0...

WordPress plugin WPCode Content Ratio 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-43205

Name of the Vulnerable Software and Affected Versions Jonatan Jumbert WPCode Content Ratio versions through 2.0 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting XSS. This means that malicio...

EUVD-2023-23856

Malicious code in bioql PyPI...

EUVD-2023-12389

Malicious code in bioql PyPI...

CVE-2023-0328

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete...

CVE-2023-3524

The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

WordPress WPCode Lite 2.1.14 Cross Site Scripting Vulnerability

Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://wpcode.com/?utmsource=wprepo&utmmedium=link&utmcampaign=liteplugin Version 2.1.14 Steps to Execute the Payload: 1. Access the Admin Panel: - Navigate to the admin pan...

WordPress WPCode Lite 2.1.14 Cross Site Scripting

Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS Date: 2024-06-30 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://wpcode.com/?utmsource=wprepo&utmmedium=link&utmcampaign=liteplugin Version 2.1.14 Steps to Execute the Payload: 1. Access the Admin Panel: - Navigate...

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Multiple content management system CMS platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment...

WordPress WPCode - Insert Headers and Footers Plugin < 2.0.13.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; ifdescription...

WordPress WPCode - Insert Headers and Footers Plugin < 2.0.9 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; ifdescription...