10 matches found
Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
Summary: A stored cross-site scripting (XSS) vulnerability exists in SEO-related fields (SEO Title and Meta Description) in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...
GHSA-855C-R2VQ-C292 Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
Summary: A stored cross-site scripting (XSS) vulnerability exists in SEO-related fields (SEO Title and Meta Description) in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...
CVE-2026-35569
CVE-2026-35569 affects ApostropheCMS <= 4.28.0. A stored XSS in SEO fields (SEO Title and Meta Description) allows injecting JavaScript via improper output encoding into HTML contexts such as , attributes, and JSON-LD. This can enable an authenticated user to execute arbitrary JS in the admin...
GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary: Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
CVE-2024-10797
The CVE-2024-10797 entry concerns the WordPress plugin Full Screen Menu for Elementor. Affected: Full Screen Menu for Elementor (WordPress plugin) up to version 1.0.7. Nature: Information Exposure via the Full Screen Menu Elementor Widget, caused by insufficient restrictions on which posts can be...
WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Seraphinite Accelerator versions <= 2.22.15...
CVE-2024-52323
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...
Drupal Freelinking module < 4.0.1 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Matthew Radcliffe in WordPress Module Freelinking versions < 4.0.1...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bit Form Pro versions <= 2.6.4...
WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Otter Blocks PRO versions <= 2.6.11...