104 matches found

RedhatCVE
added yesterday, 3 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

CVSS 4.3 | AI score 5.4 | EPSS 0.00032
Exploits: 0 | References: 1

RedhatCVE
added yesterday, 3 views

CVE-2026-41243

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

CVSS 6.9 | AI score 5.4 | EPSS 0.00036
Exploits: 1 | References: 1

RedhatCVE
added yesterday, 2 views

CVE-2026-5829

A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument postid causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVSS 7.5 | AI score 7 | EPSS 0.00043
Exploits: 0 | References: 1

Circl
added 2026/05/29 9:49 p.m., 6 views

CVE-2026-46385

creationtimestamp | type | source
---|---|---
2026-05-29 21:49:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmzjcgcjw427...

CVSS 8.7 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 1

Circl
added 2026/05/28 11:53 a.m., 6 views

CVE-2026-8682

creationtimestamp | type | source
---|---|---
2026-05-28 11:53:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmvxjnpgei2i...

CVSS 4.3 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/27 4:28 a.m., 5 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

CVSS 4.3 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 6

Vulnrichment
added 2026/05/13 4:26 a.m., 4 views

CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

CVSS 5.4 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 14

Cvelist
added 2026/05/13 4:26 a.m., 36 views

CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

CVSS 5.4 | EPSS 0.00056
Exploits: 0 | References: 14

EUVD
added 2026/05/13 4:26 a.m., 6 views

EUVD-2026-29899

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

CVSS 5.4 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 14

ATTACKERKB
added 2026/05/10 12:12 p.m., 5 views

CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00089
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/05/10 12:0 a.m., 5 views

WordPress plugin Jetpack cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.1 | AI score 5.7 | EPSS 0.00089
Exploits: 0 | References: 1

Circl
added 2026/04/23 2:15 p.m., 0 views

CVE-2026-35333

creationtimestamp | type | source
---|---|---
2026-04-23 14:15:24+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk675r76zg27
2026-05-14 11:00:13+00:00 | published-proof-of-concept | Telegram/KyHCshI6yZBJj8Foftsx5hfP7GLhbMmJ81CYC3g7d-oupU...

AI score 5.7
Exploits: 3 | References: 1

NVD
added 2026/04/23 2:16 a.m., 0 views

CVE-2026-41243

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

CVSS 6.9 | EPSS 0.00036
Exploits: 1 | References: 2

Circl
added 2026/04/16 6:14 p.m., 0 views

CVE-2025-36579

creationtimestamp | type | source
---|---|---
2026-04-16 18:14:02+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjmz6xedk72d...

CVSS 5.1 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 1

CVE
added 2026/04/09 1:15 a.m., 9 views

CVE-2026-5829

CVE-2026-5829 affects code-projects Simple IT Discussion Forum 1.0. The vulnerability is in an unknown function of /pages/content.php where the post_id parameter can be manipulated to perform SQL injection. Remote exploitation is possible and a public exploit has been disclosed. CVSS data provide...

CVSS 7.5 | AI score 6.8 | EPSS 0.00043
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/09 12:0 a.m., 1 views

PT-2026-31561

Name of the Vulnerable Software and Affected Versions: Simple IT Discussion Forum version 1.0

Description: A SQL injection issue exists in Simple IT Discussion Forum 1.0 due to manipulation of the post id argument within an unknown function of the /pages/content.php file. This allows for remote...

CVSS 7.5 | AI score 7 | EPSS 0.00043
Exploits: 0 | References: 10

Cvelist
added 2026/04/07 6:54 p.m., 12 views

CVE-2026-39354 Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

CVSS 6.5 | EPSS 0.00036
Exploits: 1 | References: 1

CVE
added 2026/04/07 6:54 p.m., 3 views

CVE-2026-39354

CVE-2026-39354 affects Scoold prior to version 1.66.2, where an authenticated low-privilege user can overwrite another user’s question by supplying the victim question’s public ID as postId to POST /questions/ask. This enables direct integrity loss in an existing discussion thread. Root cause is ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00036
Exploits: 1 | References: 1 | Affected Software: 1

Circl
added 2026/04/06 6:24 a.m., 0 views

CVE-2026-5620

creationtimestamp | type | source
---|---|---
2026-04-06 06:24:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mismwbqqid2s...

CVSS 6.5 | AI score 6.6 | EPSS 0.00043
Exploits: 0 | References: 1

Circl
added 2026/04/04 2:45 p.m., 1 views

CVE-2016-20056

creationtimestamp | type | source
---|---|---
2026-04-04 14:45:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miohynzb5p2i...

CVSS 8.5 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 1