CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure

The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...

Azur3Alph4 - A PowerShell Module That Automates Red-Team Tasks For Ops On Objective

Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach RCE achieved position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further...

CVE-2021-39342

The CredovaFinancial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8...

Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API

The Breadcrumb NavXT WordPress plugin was affected by an Username Disclosure via REST API security vulnerability. http://www.example.com/wp-json/bcn/v1/author/1...