6562 matches found
YMC Filter WordPress - Unauthenticated Post Disclosure
YMC Filter WordPress plugin 3.11.3 contains a broken access control vulnerability caused by improper authorization and lack of validation in a REST API endpoint, letting unauthenticated attackers retrieve private and non-public post content, exploit requires no authentication. id: CVE-2026-10823...
WordPress Simple Job Board - Unauthorized Data Access
The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication. id: CVE-2019-17671 info: name: WordPress = 5.2.4 - Unauthenticated View Private/Draft Posts author:...
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2026-62232
creationtimestamp| type| source ---|---|--- 2026-07-17 02:46:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqsqbhg4qj2v 2026-07-17 03:00:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116933081864341410 2026-07-17 03:00:34+00:00| seen|...
CVE-2026-62241
creationtimestamp| type| source ---|---|--- 2026-07-17 00:24:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqsidieaof2d 2026-07-17 01:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116932727657867490 2026-07-17 01:30:28+00:00| seen|...
CVE-2026-58643
creationtimestamp| type| source ---|---|--- 2026-07-16 23:15:17+00:00| seen| https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqseii3dun24 2026-07-16 23:15:19+00:00| seen| https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqseijyguw2y 2026-07-16 23:15:20+00:00| seen|...
CVE-2026-26718
creationtimestamp| type| source ---|---|--- 2026-07-16 18:50:03+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqrvoapjwx2w 2026-07-16 19:00:06+00:00| seen| Telegram/rNnuPZSkZWDVpEPnyDrVrJ0tqHAdHjPuF4Jq-SaqH-76iI 2026-07-17 00:00:10+00:00| published-proof-of-concept|...
CVE-2026-63304
creationtimestamp| type| source ---|---|--- 2026-07-16 13:42:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqrehkrzjo2w 2026-07-16 15:10:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqrjg32vln2m...
CVE-2026-12525
creationtimestamp| type| source ---|---|--- 2026-07-16 08:24:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqsqf6ncd2e 2026-07-16 09:00:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116928835008172741 2026-07-16 09:00:31+00:00| seen|...
CVE-2026-15407
The CVE-2026-15407 entry describes an authorization bypass in Themify Builder for WordPress up to version 7.7.7. The underlying issue is insufficient verification of a user’s authorization for actions performed via the tb_generate_on_fly AJAX action, enabling authenticated users with subscriber-l...
CVE-2026-12906
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...
EUVD-2026-44879
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...
CVE-2026-12434
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...
EUVD-2026-44856
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...
CVE-2026-12434
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...
CVE-2026-12434
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure up to version 0.95.0 via sanitize_status. An authenticated attacker with contributor-level access or higher can extract titles, full content, excerpts, dates, authors, and custom-field metadata of other u...
CVE-2026-12434 List category posts <= 0.95.0 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via 'post_status' Shortcode Attribute
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...
CVE-2026-55652
creationtimestamp| type| source ---|---|--- 2026-07-15 22:06:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqpq5txf2q2w 2026-07-15 23:00:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqpt7o5jtk26 2026-07-16 01:04:56+00:00| seen|...