Lucene search
K

285 matches found

Nuclei
Nuclei
added 7 hours ago6 views

YMC Filter WordPress - Unauthenticated Post Disclosure

YMC Filter WordPress plugin 3.11.3 contains a broken access control vulnerability caused by improper authorization and lack of validation in a REST API endpoint, letting unauthenticated attackers retrieve private and non-public post content, exploit requires no authentication. id: CVE-2026-10823...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago16 views

WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts

WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication. id: CVE-2019-17671 info: name: WordPress = 5.2.4 - Unauthenticated View Private/Draft Posts author:...

5.3CVSS6.8AI score0.36503EPSS
Exploits2References4
CVE
CVE
added 6 days ago11 views

CVE-2026-10823

CVE-2026-10823 affects the YMC Filter WordPress plugin (pre-3.11.3). The flaw stems from improper authorization of a REST API endpoint and lack of validation of a user-supplied query parameter, enabling unauthenticated attackers to retrieve titles and content from private, draft, and other non-pu...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-10823 YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...

0.00921EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 4:30 a.m.9 views

CVE-2026-10780

CVE-2026-10780 affects the WordPress Static Block plugin (versions up to 2.2). The vulnerability is an Insecure Direct Object Reference in the static_block_content() shortcode handler, which retrieves a post with get_post() using an attacker-controlled id and outputs its post_content without vali...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 4:30 a.m.28 views

CVE-2026-10780 Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49611

Name of the Vulnerable Software and Affected Versions Static Block versions prior to 2.3 Description The Static Block plugin for WordPress contains an Insecure Direct Object Reference. This occurs because the static block content shortcode handler uses the get post function to retrieve a post bas...

4.3CVSS6AI score0.00211EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/06/11 10:42 a.m.86 views

Exploit for CVE-2026-7665

CVE-2026-7665 — Unauthenticated Information Disclosure in Esse...

5.3CVSS5.5AI score0.0515EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.16 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References1
NVD
NVD
added 2026/06/06 4:17 a.m.13 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS0.0515EPSS
Exploits1References14
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.41 views

CVE-2026-7665 Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS0.0515EPSS
Exploits1References14
Vulnrichment
Vulnrichment
added 2026/06/06 2:28 a.m.8 views

CVE-2026-7665 Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References14
CVE
CVE
added 2026/06/06 2:28 a.m.32 views

CVE-2026-7665

CVE-2026-7665 affects the WordPress plugin Essential Addons for Elementor (up to version 6.6.4). The issue arises in the ajax_load_more handler, with insufficient restrictions on which posts can be returned, enabling unauthenticated attackers to extract data from password-protected, private, or d...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.26 views

PT-2026-47130

Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor versions prior to 6.6.5 Description The plugin is subject to information exposure due to insufficient restrictions on the posts that can be included within the ajax load more function. This allows unauthenticated...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References16
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.0515EPSS
Exploits1References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.8 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.4AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS5.5AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

WordPress plugin Timetable and Event Schedule by MotoPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:24 a.m.6 views

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/14 8:24 a.m.38 views

CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS0.00351EPSS
Exploits0References3
Rows per page
Query Builder