116 matches found
CVE-2025-13842
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...
CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...
CVE-2025-13842
CVE-2025-13842 applies to the Breadcrumb NavXT WordPress plugin, affected up to version 7.5.0. The underlying issue is an authorization bypass: the Gutenberg block renderer trusts the $_REQUEST['post_id'] in includes/blocks/build/breadcrumb-trail/render.php, enabling unauthenticated users to enum...
WordPress plugin Breadcrumb NavXT 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2025-15548
creationtimestamp| type| source ---|---|--- 2026-01-29 20:15:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdlm47owb426...
CVE-2026-22243
creationtimestamp| type| source ---|---|--- 2026-01-28 07:18:30+00:00| published-proof-of-concept| https://github.com/EGroupware/egroupware/security/advisories/GHSA-rvxj-7f72-mhrx 2026-01-28 18:30:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdivsj54ez26...
CVE-2025-69180
creationtimestamp| type| source ---|---|--- 2026-01-25 07:54:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdaau73w3s23...
CVE-2023-54332
CVE-2023-54332 affects Jetpack 11.4. The vulnerability is a cross-site scripting flaw in the contact form module that allows attackers to inject scripts via the post_id parameter. Exploitation involves crafting malicious URLs to execute arbitrary JavaScript in victims’ browsers when they interact...
PT-2026-2422
Name of the Vulnerable Software and Affected Versions Jetpack version 11.4 Description The software contains a cross-site scripting issue within the contact form module. An attacker can inject malicious scripts through the post id parameter. By crafting malicious URLs with script payloads, an...
CVE-2024-39361
Mattermost versions 9.8.0, 9.7.x = 9.7.4, 9.6.x = 9.6.2 and 9.5.x = 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken...
CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...
CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...
CVE-2025-67747
creationtimestamp| type| source ---|---|--- 2025-12-15 18:20:51+00:00| published-proof-of-concept| https://github.com/trailofbits/fickling/security/advisories/GHSA-565g-hwwr-4pp3 2026-01-02 18:46:25+00:00| published-proof-of-concept| Telegram/PJ0624gDLdyTO0vVvr-4zwa3ib0JJFcfMDnXcsBI6RfrbkA...
CVE-2025-63561
creationtimestamp| type| source ---|---|--- 2025-10-31 22:22:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4jjabsxux2q...
CVE-2025-11857
The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxpfb2wpdisplayembed' shortcode in all versions up to, and including, 1.9.9. This is due to the plugin not properly sanitizing user input and output of the 'postid' parameter. This makes it...
EUVD-2025-27661
Malicious code in bioql PyPI...
CVE-2025-9073
The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-9073 All in one Minifier <= 3.2 - Unauthenticated SQL Injection
The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress plugin All in one Minifier SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability...