Lucene search
+L

116 matches found

NVD
NVD
added 2026/02/19 7:17 a.m.8 views

CVE-2025-13842

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

5.3CVSS0.00322EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

5.3CVSS5.5AI score0.00322EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 4:36 a.m.37 views

CVE-2025-13842

CVE-2025-13842 applies to the Breadcrumb NavXT WordPress plugin, affected up to version 7.5.0. The underlying issue is an authorization bypass: the Gutenberg block renderer trusts the $_REQUEST['post_id'] in includes/blocks/build/breadcrumb-trail/render.php, enabling unauthenticated users to enum...

5.3CVSS5.5AI score0.00322EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin Breadcrumb NavXT 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/13 10:29 a.m.6 views

CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2026/01/29 8:15 p.m.6 views

CVE-2025-15548

creationtimestamp| type| source ---|---|--- 2026-01-29 20:15:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdlm47owb426...

6.5CVSS5.8AI score0.00068EPSS
Exploits0References1
Circl
Circl
added 2026/01/28 7:18 a.m.16 views

CVE-2026-22243

creationtimestamp| type| source ---|---|--- 2026-01-28 07:18:30+00:00| published-proof-of-concept| https://github.com/EGroupware/egroupware/security/advisories/GHSA-rvxj-7f72-mhrx 2026-01-28 18:30:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdivsj54ez26...

8.8CVSS5.7AI score0.0036EPSS
Exploits3References2
Circl
Circl
added 2026/01/25 7:54 a.m.6 views

CVE-2025-69180

creationtimestamp| type| source ---|---|--- 2026-01-25 07:54:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdaau73w3s23...

8.5CVSS5AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 10:56 p.m.23 views

CVE-2023-54332

CVE-2023-54332 affects Jetpack 11.4. The vulnerability is a cross-site scripting flaw in the contact form module that allows attackers to inject scripts via the post_id parameter. Exploitation involves crafting malicious URLs to execute arbitrary JavaScript in victims’ browsers when they interact...

6.1CVSS6.2AI score0.0024EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.7 views

PT-2026-2422

Name of the Vulnerable Software and Affected Versions Jetpack version 11.4 Description The software contains a cross-site scripting issue within the contact form module. An attacker can inject malicious scripts through the post id parameter. By crafting malicious URLs with script payloads, an...

6.1CVSS6.2AI score0.0024EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.5 views

CVE-2024-39361

Mattermost versions 9.8.0, 9.7.x = 9.7.4, 9.6.x = 9.6.2 and 9.5.x = 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken...

5.4CVSS6.8AI score0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/21 2:20 a.m.6 views

CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

5.3CVSS5.7AI score0.0024EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/21 2:20 a.m.27 views

CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

5.3CVSS0.0024EPSS
Exploits0References4
Circl
Circl
added 2025/12/15 6:20 p.m.6 views

CVE-2025-67747

creationtimestamp| type| source ---|---|--- 2025-12-15 18:20:51+00:00| published-proof-of-concept| https://github.com/trailofbits/fickling/security/advisories/GHSA-565g-hwwr-4pp3 2026-01-02 18:46:25+00:00| published-proof-of-concept| Telegram/PJ0624gDLdyTO0vVvr-4zwa3ib0JJFcfMDnXcsBI6RfrbkA...

8.5CVSS5.7AI score0.00246EPSS
Exploits1References2
Circl
Circl
added 2025/10/31 10:22 p.m.11 views

CVE-2025-63561

creationtimestamp| type| source ---|---|--- 2025-10-31 22:22:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4jjabsxux2q...

7.5CVSS5.8AI score0.00367EPSS
Exploits1References1
NVD
NVD
added 2025/10/18 6:15 a.m.6 views

CVE-2025-11857

The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxpfb2wpdisplayembed' shortcode in all versions up to, and including, 1.9.9. This is due to the plugin not properly sanitizing user input and output of the 'postid' parameter. This makes it...

6.4CVSS0.00282EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27661

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.004EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.14 views

CVE-2025-9073

The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS6.8AI score0.004EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.12 views

CVE-2025-9073 All in one Minifier <= 3.2 - Unauthenticated SQL Injection

The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.004EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.5 views

WordPress plugin All in one Minifier SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability...

7.5CVSS7.6AI score0.004EPSS
Exploits0References2
Rows per page
Query Builder