2 matches found
CVE-2026-5737
creationtimestamp| type| source ---|---|--- 2026-05-28 06:54:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvgtbfpf62h...
CVE-2026-5737 Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route
The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...