6272 matches found
WordPress Moderate Selected Posts plugin <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Moderate Selected Posts versions = 1.4...
CVE-2026-24406
creationtimestamp| type| source ---|---|--- 2026-01-24 01:20:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md52eqfvb52m 2026-01-24 01:20:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md52ezqg6323 2026-01-24 01:33:59+00:00| seen|...
WordPress Same Category Posts plugin <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Widget Title Placeholder vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Same Category Posts versions = 1.1.19...
WordPress plugin User Submitted Posts cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-4570
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars decode on taxonomy term names before output, which decodes HTML entitie...
WordPress plugin "Same Category Posts" – Cross-site scripting vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
WordPress plugin: “Moderate Selected Posts” – Cross-Site Request Forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2025-52762
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS.This issue affects flexo-posts-manager: from n/a through = 1.0001...
CVE-2025-69316
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through = 1.0.4.2...
CVE-2026-22347
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a through =...
CVE-2025-70985
creationtimestamp| type| source ---|---|--- 2026-01-23 20:25:04+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md4jtv5his2r 2026-01-23 20:25:30+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md4jup2stb27 2026-01-23 23:46:16+00:00| seen|...
CVE-2025-70983
creationtimestamp| type| source ---|---|--- 2026-01-23 20:24:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md4jto57n42o 2026-01-23 20:25:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md4juhhgi22r 2026-01-23 23:21:56+00:00| seen|...
CVE-2025-70986
creationtimestamp| type| source ---|---|--- 2026-01-23 20:24:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md4jtgybgf2a 2026-01-23 20:25:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md4juaj7t724 2026-01-23 23:36:15+00:00| seen|...
CVE-2026-24596
Cross-Site Request Forgery CSRF vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through = 4.3.2...
CVE-2026-24587
Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through = 0.10.210305...
CVE-2026-24596 WordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through = 4.3.2...
CVE-2026-24596 WordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through = 4.3.2...
CVE-2026-24596
Cross-Site Request Forgery CSRF vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through = 4.3.1...
CVE-2026-24596
CVE-2026-24596 is a CSRF vulnerability in the WordPress plugin Related Posts Thumbnails (versions up to 4.3.1). The issue allows Cross-Site Request Forgery, affecting the Related Posts Thumbnails Plugin for WordPress from an unspecified early version to 4.3.1. The CVE entry provides a CVSS v3.1 b...
CVE-2026-24587
Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through = 0.10.210305...