74 matches found
CVE-2026-9676
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...
CVE-2026-9676
The vulnerability CVE-2026-9676 affects the F4 Post Tree WordPress plugin prior to 2.0.5. The issue arises because the plugin does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the...
CVE-2025-68004
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS. This issue affects My Post Order: from n/a through <= 1.2.1.1...
CVE-2025-68004 WordPress My Post Order plugin <= 1.2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS. This issue affects My Post Order: from n/a through <= 1.2.1.1...
CVE-2025-68004
CVE-2025-68004 is a Reflected XSS in WordPress plugin My Post Order (my-posts-order) up to version 1.2.1.1, caused by improper input neutralization during web page generation. The CVSS 3.1 vector indicates NETWORK attack with USER INTERACTION required and HIGH severity (7.1). Multiple connected s...
WordPress plugin My Post Order has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4049
Name of the Vulnerable Software and Affected Versions: Kapil Chugh My Post Order versions through 1.2.1.1. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) issue. This specific instance is a Reflected...
WordPress My Post Order plugin <= 1.2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin My Post Order versions <= 1.2.1.1...
EUVD-2022-51734
Malicious code in bioql PyPI...
EUVD-2023-51632
Malicious code in bioql PyPI...
EUVD-2022-51735
Malicious code in bioql PyPI...
EUVD-2024-43384
Malicious code in bioql PyPI...
EUVD-2024-23229
Malicious code in bioql PyPI...
WordPress plugin Custom Category/Post Type Post order security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-49321
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through <= 2.5.7...
CVE-2023-47521
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS. This issue affects Q2W3 Post Order: from n/a through 1.2.8...
CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order AJAX action, allowing any logged-in user with roles as low as Subscriber to update the menu order...