Lucene search
+L

6562 matches found

Nuclei
Nuclei
added 8 hours ago7 views

YMC Filter WordPress - Unauthenticated Post Disclosure

YMC Filter WordPress plugin 3.11.3 contains a broken access control vulnerability caused by improper authorization and lack of validation in a REST API endpoint, letting unauthenticated attackers retrieve private and non-public post content, exploit requires no authentication. id: CVE-2026-10823...

7.5CVSS5.2AI score0.00921EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago13 views

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...

5.3CVSS6.8AI score0.00909EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago20 views

WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts

WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication. id: CVE-2019-17671 info: name: WordPress = 5.2.4 - Unauthenticated View Private/Draft Posts author:...

5.3CVSS6.8AI score0.36503EPSS
Exploits2References4
Nuclei
Nuclei
added 8 hours ago121 views

My Geo Posts Free <= 1.2 - PHP Object Injection

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...

9.8CVSS8.9AI score0.0307EPSS
Exploits0References4
Nuclei
Nuclei
added 8 hours ago24 views

Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS5.8AI score0.02101EPSS
Exploits4References3
Circl
Circl
added 9 hours ago5 views

CVE-2026-62232

creationtimestamp| type| source ---|---|--- 2026-07-17 02:46:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqsqbhg4qj2v 2026-07-17 03:00:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116933081864341410 2026-07-17 03:00:34+00:00| seen|...

9.1CVSS6.1AI score
Exploits0References4
Circl
Circl
added 12 hours ago5 views

CVE-2026-62241

creationtimestamp| type| source ---|---|--- 2026-07-17 00:24:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqsidieaof2d 2026-07-17 01:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116932727657867490 2026-07-17 01:30:28+00:00| seen|...

9.3CVSS6.1AI score
Exploits0References4
Circl
Circl
added yesterday4 views

CVE-2026-58643

creationtimestamp| type| source ---|---|--- 2026-07-16 23:15:17+00:00| seen| https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqseii3dun24 2026-07-16 23:15:19+00:00| seen| https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqseijyguw2y 2026-07-16 23:15:20+00:00| seen|...

6.1CVSS6.1AI score
Exploits0References7
Circl
Circl
added yesterday3 views

CVE-2026-26718

creationtimestamp| type| source ---|---|--- 2026-07-16 18:50:03+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqrvoapjwx2w 2026-07-16 19:00:06+00:00| seen| Telegram/rNnuPZSkZWDVpEPnyDrVrJ0tqHAdHjPuF4Jq-SaqH-76iI 2026-07-17 00:00:10+00:00| published-proof-of-concept|...

9.1CVSS6.1AI score0.00266EPSS
Exploits1References1
Circl
Circl
added yesterday6 views

CVE-2026-63304

creationtimestamp| type| source ---|---|--- 2026-07-16 13:42:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqrehkrzjo2w 2026-07-16 15:10:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqrjg32vln2m...

9.2CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-12525

creationtimestamp| type| source ---|---|--- 2026-07-16 08:24:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqsqf6ncd2e 2026-07-16 09:00:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116928835008172741 2026-07-16 09:00:31+00:00| seen|...

8.8CVSS6.1AI score0.00144EPSS
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-15407

The CVE-2026-15407 entry describes an authorization bypass in Themify Builder for WordPress up to version 7.7.7. The underlying issue is insufficient verification of a user’s authorization for actions performed via the tb_generate_on_fly AJAX action, enabling authenticated users with subscriber-l...

4.3CVSS6.2AI score0.00288EPSS
Exploits0References10
NVD
NVD
added yesterday5 views

CVE-2026-12906

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...

2.7CVSS0.00132EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-44879

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...

2.7CVSS6.1AI score0.00132EPSS
Exploits0References1
NVD
NVD
added yesterday9 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS0.00239EPSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-44856

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS6.1AI score0.00239EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS6.1AI score0.00239EPSS
Exploits0References7
CVE
CVE
added yesterday8 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure up to version 0.95.0 via sanitize_status. An authenticated attacker with contributor-level access or higher can extract titles, full content, excerpts, dates, authors, and custom-field metadata of other u...

4.3CVSS6.1AI score0.00239EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday21 views

CVE-2026-12434 List category posts <= 0.95.0 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via 'post_status' Shortcode Attribute

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS0.00239EPSS
Exploits0References6
Circl
Circl
added 2 days ago5 views

CVE-2026-55652

creationtimestamp| type| source ---|---|--- 2026-07-15 22:06:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqpq5txf2q2w 2026-07-15 23:00:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqpt7o5jtk26 2026-07-16 01:04:56+00:00| seen|...

9.8CVSS6.1AI score0.00355EPSS
Exploits0References3
Rows per page
Query Builder