6276 matches found
CVE-2025-67070
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-09 22:39:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbzktodu6e2r |
| 2026-01-09 23:01:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzm2s3tka2v |
| 2026-01-09 23:02:37+00:00 | seen | ... |
CVE-2026-0830
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-09 22:00:56+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbziogyzqy2m |
| 2026-01-09 22:07:00+00:00 | seen | Telegram/sbBWfdQsy2QnBSyrchCbfVHeoFEwmnGugyfSbtG1Df5cAwQ |
| 2026-01-09 23:49:41+00:00 | seen | ... |
CVE-2025-56425
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-09 19:58:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbttdf6v2t |
| 2026-01-09 19:59:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbupap4v2t... |
CVE-2025-67825
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-09 19:58:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbtla2jk2v |
| 2026-01-09 19:59:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbuhkze62u... |
CVE-2023-4725
The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...
CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...
CVE-2017-18585
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal...
CVE-2017-18898
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...
CVE-2017-18889
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, suc...
CVE-2019-20887
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts...
CVE-2024-39361
Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken...
CVE-2023-25025
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect Protect your blog posts plugin <= 3.1.0 versions...
CVE-2023-29237
Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Remove Duplicate Posts: from n/a through 1.3.5...
CVE-2023-49180
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2...
CVE-2023-45066
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...
CVE-2023-4792
The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...
CVE-2023-4779
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...
CVE-2023-40556
Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions...
CVE-2023-40560
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions...