WordPress Yoast Duplicate Post plugin <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability
Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability discovered by johska in WordPress Plugin Duplicate Post versions <= 4.5...
CVE-2026-2879 GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...
CVE-2026-0998
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <= 1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...
PT-2026-8329
Name of the Vulnerable Software and Affected Versions: Mattermost versions 11.1.x through 11.1.2; Mattermost versions 10.11.x through 10.11.9; Mattermost versions 11.2.x through 11.2.1; Mattermost Plugin Zoom versions through 1.11.0. Description: The software does not properly validate user identity an...