35 matches found
CVE-2024-24755
discourse-group-membership-ip-block is a Discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom...
CVE-2023-44384
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user cou...
CVE-2022-39279
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...
CVE-2025-46824
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...
CVE-2024-35168 WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Discourse WP Discourse. This issue affects WP Discourse: from n/a through 2.5.1...
WordPress plugin WP Discourse security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WP Discourse < 2.5.2 - Missing Authorization
Description: The WP Discourse plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorize...
WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin WP Discourse (versions <= 2.5.1)...
PT-2024-13342 · Discourse · Discourse-Microsoft-Auth
Name of the Vulnerable Software and Affected Versions: discourse-microsoft-auth plugin (affected versions not specified). Description: The discourse-microsoft-auth plugin enables authentication via Microsoft. On sites with this plugin enabled, an attacker can potentially take control of a victim's...
CVE-2024-24755
The CVE-2024-24755 entry concerns the Discourse plugin discourse-group-membership-ip-block. The connected sources describe an information-disclosure vulnerability where the plugin sends all group custom fields to the client, including fields from other plugins that are expected to remain secret. A...
PT-2024-20533 · Discourse · Discourse-Group-Membership-Ip-Block
Name of the Vulnerable Software and Affected Versions: discourse-group-membership-ip-block (affected versions not specified). Description: The discourse-group-membership-ip-block plugin sends all group custom fields to the client, including fields from other plugins that may be expected to remain...
CVE-2023-25169
discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit b3ab33bbf7 which is...
CVE-2023-25169
CVE-2023-25169 affects the Discourse Yearly Review plugin. In affected versions, a user appearing in a yearly review topic that is later anonymised may still have data linked to the original account. The issue has been patched in commit b3ab33bbf7 and is included in the latest plugin version. Mit...
CVE-2023-25169 Yearly Review Plugin leaking anonymised users data in discourse-yearly-review
discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit b3ab33bbf7 which is...