
7 matches found

Cvelist
added 2026/03/13 1:18 a.m. (25 views)

CVE-2026-22216 wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

CVSS 6.9 | EPSS 0.00071
Exploits: 0 | References: 3

CNNVD
added 2026/03/13 12:0 a.m. (2 views)

WordPress plugin wpDiscuz security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 6.9 | AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/13 12:0 a.m. (2 views)

PT-2026-25148

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

CVSS 6.9 | AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 3

CNNVD
added 2026/02/19 12:0 a.m. (3 views)

WordPress plugin Popup Builder – Create highly converting, mobile friendly marketing popups security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 5.3 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 4

WPVulnDB
added 2023/10/02 12:0 a.m. (15 views)

Email posts to subscribers <= 6.2 - Admin+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 5.9 | AI score 5.6 | EPSS 0.00063
Exploits: 0

CNVD
added 2020/07/29 12:0 a.m. (5 views)

WordPress Email Subscribers & Newsletters Cross-Site Request Forgery Vulnerability (CNVD-2020-44908)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. A cross-site request forgery vulnerability...

CVSS 6.5 | AI score 6.8 | EPSS 0.00127
Exploits: 2 | References: 1

securityvulns
added 2010/11/02 12:0 a.m. (46 views)

[security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02560655 Version: 2 HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting XSS, Denial of Service DoS, Cross Site Request Forgery CS...

CVSS 6.8 | AI score 0.5 | EPSS 0.0055
Exploits: 0