CVE-2026-40992

creationtimestamp| type| source ---|---|--- 2026-06-11 06:47:07+00:00| seen| https://bsky.app/profile/0.5ritter.de/post/3mnymx7g2722u 2026-06-11 06:49:07+00:00| seen| https://bsky.app/profile/0.5ritter.de/post/3mnyn2l2qo22u 2026-06-11 12:40:06+00:00| seen|...

CVE-2026-41001

creationtimestamp| type| source ---|---|--- 2026-06-11 06:47:07+00:00| seen| https://bsky.app/profile/0.5ritter.de/post/3mnymx7g2722u 2026-06-11 06:49:09+00:00| seen| https://bsky.app/profile/0.5ritter.de/post/3mnyn2l2qo22u 2026-06-16 12:15:14+00:00| seen|...

CVE-2026-44693

creationtimestamp| type| source ---|---|--- 2026-06-11 02:00:47+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mny4xbjy4l27 2026-06-11 03:22:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnybigf6cc2l...

CVE-2026-42558

creationtimestamp| type| source ---|---|--- 2026-06-11 02:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mny4wzvgc72p 2026-06-11 02:55:23+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mny7yw76252o...

CVE-2026-35273

creationtimestamp| type| source ---|---|--- 2026-06-11 00:39:42+00:00| seen| https://www.acn.gov.it/portale/w/rilevata-vulnerabilita-in-oracle-1 2026-06-11 03:02:12+00:00| seen| https://bsky.app/profile/baldanders.info/post/3mnyaf4l2qg2y 2026-06-11 03:02:21+00:00| seen|...

EUVD-2026-36139

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

CVE-2026-53738

creationtimestamp| type| source ---|---|--- 2026-06-10 23:00:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnxsuuqatl2n 2026-06-10 23:42:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnxv7oxlmf2i...

CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

CVE-2026-53738

CVE-2026-53738 affects the WordPress plugin Copy & Delete Posts, up to version 1.5.4. The vulnerability stems from the cdp_action_handling AJAX handler, where any plugin-enabled non-admin role can invoke every operation, bypassing per-function capability checks. This enables attackers with an ena...

CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

CVE-2026-9019

creationtimestamp| type| source ---|---|--- 2026-06-10 11:31:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwmf5ckts2r 2026-06-10 18:04:38+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mnxcdurote2a...

CVE-2026-52884

creationtimestamp| type| source ---|---|--- 2026-06-10 11:18:20+00:00| seen| https://bsky.app/profile/hn100.bsky.social/post/3mnwlmv624n2n 2026-06-10 11:19:33+00:00| seen| https://bsky.app/profile/hnws.bsky.social/post/3mnwlpjjr3e22 2026-06-10 11:20:05+00:00| seen|...

CVE-2026-9067

creationtimestamp| type| source ---|---|--- 2026-06-10 11:03:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkswfh3g2u 2026-06-10 12:00:19+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mnwnygdhh62q 2026-06-10 12:00:40+00:00| seen|...

CVE-2026-3018

creationtimestamp| type| source ---|---|--- 2026-06-10 11:00:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwknm5q4p2y 2026-06-10 11:16:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwlkbkl762m 2026-06-10 12:00:23+00:00| seen|...

CVE-2026-8071

creationtimestamp| type| source ---|---|--- 2026-06-10 10:54:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkcoeuvv2r 2026-06-10 12:00:21+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mnwnyiff372t 2026-06-10 12:00:36+00:00| seen|...

CVE-2026-8940

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-8613 aThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2026-35996

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-8613

The CVE-2026-8613 entry concerns the WordPress plugin aThemes Addons for Elementor (