32 matches found
CVE-2025-12527
CVE-2025-12527 affects the WordPress plugin Page & Post Notes. A missing capability check in yydev_notes_save_dashboard_data allows authenticated users with Subscriber+ privileges to modify notes in all versions up to 1.3.4. Wordfence and PTSecurity indicate the issue is fixed in a later release ...
CVE-2025-12527 Page & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Page & Post Notes plugin <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Page & Post Notes versions <= 1.3.4...
PT-2025-45410
Name of the Vulnerable Software and Affected Versions: Page & Post Notes plugin for WordPress versions prior to 1.3.5. Description: The Page & Post Notes plugin for WordPress has a flaw that allows unauthorized modification of notes. This is due to a missing capability check within the yydev notes...
WordPress plugin Page & Post Notes security vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in...
EUVD-2024-36761
Malicious code in bioql PyPI...
EUVD-2024-29793
Malicious code in bioql PyPI...
CVE-2024-31935
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6...
CVE-2024-37562
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BracketSpace Simple Post Notes allows Stored XSS. This issue affects Simple Post Notes: from n/a through 1.7.7...
CVE-2022-2186
The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2025-23715
Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS. This issue affects Post & Page Notes: from n/a through <= 0.1.1...
CVE-2024-37562
CVE-2024-37562 affects the WordPress plugin “Simple Post Notes” and is described as an “Improper Neutralization of Input During Web Page Generation” (Stored XSS). The initial and connected records consistently note the issue as a Stored XSS vulnerability that affects Simple Post Notes versions n/...
CVE-2024-37562 WordPress Simple Post Notes plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BracketSpace Simple Post Notes allows Stored XSS. This issue affects Simple Post Notes: from n/a through 1.7.7...
PT-2024-27661 · Unknown · Simple Post Notes
Name of the Vulnerable Software and Affected Versions: Simple Post Notes versions n/a through 1.7.7. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...
WordPress Simple Post Notes plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Plugin Simple Post Notes versions <= 1.7.7...
WordPress Simple Post Notes Plugin <= 1.7.7 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Post Notes; Type: Plugin; Vulnerable versions: <= 1.7.7; Fixed in: 1.7.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37562; Patch priority: Low; CVSS severity: Low (5.9); PSID: d5b3ff5d0988; Credits: justakazh; Required privilege...
CVE-2024-31935 WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6...