CVE-2025-12527

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

WordPress Page & Post Notes plugin <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Note Update/Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Page & Post Notes versions = 1.3.4...

EUVD-2025-3367

Malicious code in bioql PyPI...

CVE-2025-23715

Cross-Site Request Forgery CSRF vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through = 0.1.1...

CVE-2025-23715 WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through = 0.1.1...

CVE-2025-23715 WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through = 0.1.1...

CVE-2025-23715

CVE-2025-23715 is a CSRF-based vulnerability affecting RaymondDesign Post & Page Notes. The connected Red Hat entry confirms the issue and states that the CSRF allows Stored XSS in Post & Page Notes, affecting versions up to 0.1.1 (and n/a to 0.1.1 as described). Public references point to the Po...

WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Post & Page Notes versions = 0.1.1...

WordPress plugin Post & Page Notes 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Post & Pa...

CVE-2022-31485

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

CVE-2022-31485

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...