Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content; exploitation requires no authentication. id: CVE-2019-17671 info: name: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts author:...
WordPress Simple Job Board - Unauthorized Data Access
The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...
CVE-2026-3472 Markdown image rendering bypass in AI bot tool result posts in Mattermost
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...
CVE-2026-46331

creationtimestamp | type | source
---|---|---
2026-06-26 13:26:58+00:00 | seen | https://bsky.app/profile/infosecbriefly.bsky.social/post/3mp72c3a6uv2w
2026-06-26 13:35:18+00:00 | seen | https://bsky.app/profile/cybernewsroom.bsky.social/post/3mp72qywylh2d
2026-06-26 13:38:12+00:00 | seen | ...

CVE-2026-57881

creationtimestamp | type | source
---|---|---
2026-06-26 09:40:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp6nmtudxw2n
2026-06-26 10:30:29+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mp6qgiqq7n2j
2026-06-26 10:30:35+00:00 | seen | ...

CVE-2026-10823
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...
CVE-2026-10823
CVE-2026-10823 affects the YMC Filter WordPress plugin (pre-3.11.3). The flaw stems from improper authorization of a REST API endpoint and lack of validation of a user-supplied query parameter, enabling unauthenticated attackers to retrieve titles and content from private, draft, and other non-pu...
CVE-2026-10823 YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...
EUVD-2026-39624
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...
CVE-2026-9222

creationtimestamp | type | source
---|---|---
2026-06-26 00:00:43+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mp5naf23d32g
2026-06-26 00:00:45+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116813466196592988
2026-06-26 02:17:08+00:00 | seen | ...

CVE-2026-9702

creationtimestamp | type | source
---|---|---
2026-06-25 07:30:29+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mp3vvpptdm2u
2026-06-25 07:30:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116809572458310891...

CVE-2026-50551

creationtimestamp | type | source
---|---|---
2026-06-25 02:08:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp3dwi46mr2x
2026-06-25 03:00:27+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mp3gsuacvy2b
2026-06-25 03:00:28+00:00 | seen | ...

CVE-2026-9620
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...
CVE-2026-9620 WP Latest Posts <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting via Post Content Image src Attribute
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...
CVE-2026-56120

creationtimestamp | type | source
---|---|---
2026-06-24 00:30:04+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moynwor2ys23
2026-06-24 00:44:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moyorkb7qe2l...

CVE-2026-46548
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, Mattermost, Teams) because httpAgent / httpsAgent were passed as part of the request body rather th...
CVE-2026-50160

creationtimestamp | type | source
---|---|---
2026-06-23 17:43:08+00:00 | seen | https://bsky.app/profile/r-netsec-bot.bsky.social/post/3moxx7foljc2c
2026-06-23 19:10:19+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3moy43cm7u325...