6276 matches found
CVE-2025-68033
Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts custom-related-posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through = 1.8.0...
CVE-2025-13812 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...
CVE-2025-13215
CVE-2025-13215 : Information exposure in WordPress plugin “Shortcodes and extra features for Phlox theme” allows unauthenticated users to view draft post titles via auxels_ajax_search in all versions up to 2.17.13. Patch released in 2.17.13 (remediation noted). Base CVSS 3.1/3.1 vector indicates ...
CVE-2025-13215 Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxelsajaxsearch due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers...
CVE-2025-14996
creationtimestamp| type| source ---|---|--- 2026-01-06 05:43:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbqanetrfw2p 2026-01-06 06:01:28+00:00| seen| Telegram/C8cKa5CH9I3NM3jeEU5QbxYCnFxc-EFqHQ9i2kT9Led6pw 2026-01-06 07:32:43+00:00| seen|...
CVE-2025-15001
creationtimestamp| type| source ---|---|--- 2026-01-06 05:43:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbqan5lmr32v 2026-01-06 06:01:52+00:00| seen| Telegram/CcmqjLA2mNtM5BJazY2xuLNEDduKSSrq7amdf2ocdCDMM4 2026-01-06 07:36:06+00:00| seen|...
CVE-2026-21486
creationtimestamp| type| source ---|---|--- 2026-01-06 04:39:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbq544jrhx2p 2026-01-06 04:40:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbq54qhqlr2e 2026-01-06 05:03:26+00:00|...
CVE-2026-21677
creationtimestamp| type| source ---|---|--- 2026-01-06 04:39:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbq52zfgju2z 2026-01-06 05:03:39+00:00| seen| Telegram/1KywSS9pNEst0ZUnOIrrMzmRFjI63qMIXr1OzeZh2tlqF4 2026-01-06 08:04:10+00:00| seen|...
CVE-2026-21676
creationtimestamp| type| source ---|---|--- 2026-01-06 04:39:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbq52s2u5w2p 2026-01-06 05:03:39+00:00| seen| Telegram/1KywSS9pNEst0ZUnOIrrMzmRFjI63qMIXr1OzeZh2tlqF4 2026-01-06 07:24:28+00:00| seen|...
CVE-2026-21675
creationtimestamp| type| source ---|---|--- 2026-01-06 02:29:09+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbpvsf4zlr2b 2026-01-06 03:00:52+00:00| published-proof-of-concept| Telegram/rxZzs7ray3g1wpNHhJrywO9yfcDTcZCq5FMaTnag1faYKo 2026-01-06 03:54:25+00:00| seen|...
SUSE CVE-2017-18888
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts...
CVE-2025-69228
creationtimestamp| type| source ---|---|--- 2026-01-06 00:29:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbpp3ydezr2c 2026-01-06 01:04:01+00:00| seen| Telegram/2QW8Fh9GNw2oVUTZekwxOkJVN6yFYGFerNd9WhPSIM87KY 2026-01-06 09:48:07+00:00| seen|...
SUSE CVE-2025-13352
Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
PT-2026-1424
Name of the Vulnerable Software and Affected Versions MasterStudy LMS WordPress Plugin versions through 3.7.6 Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is susceptible to unauthorized modification and deletion of data. This is due to a...
PT-2026-1420
Name of the Vulnerable Software and Affected Versions GamiPress – Gamification plugin for WordPress versions prior to 7.6.2 Description The GamiPress – Gamification plugin for WordPress is susceptible to unauthorized data access. A missing capability check in the gamipress ajax get posts and...
CVE-2025-53966
creationtimestamp| type| source ---|---|--- 2026-01-05 20:59:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbpdem5l3o2e 2026-01-05 23:27:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbplmykqi32m...
CVE-2025-64420
creationtimestamp| type| source ---|---|--- 2026-01-05 20:25:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbpbhxuib22a 2026-01-05 20:25:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbpbiidogk2f 2026-01-05 20:49:13+00:00| seen|...
CVE-2025-64419
creationtimestamp| type| source ---|---|--- 2026-01-05 20:25:17+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbpbhqkwvq2t 2026-01-05 20:25:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbpbiaulia2p 2026-01-05 20:52:13+00:00| seen|...
CVE-2025-65110
creationtimestamp| type| source ---|---|--- 2026-01-05 19:29:01+00:00| published-proof-of-concept| https://github.com/vega/vega/security/advisories/GHSA-829q-m3qg-ph8r 2026-01-05 22:19:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbphtmlv552a 2026-01-05 23:05:27+00:00|...
CVE-2025-61246
creationtimestamp| type| source ---|---|--- 2026-01-05 19:00:10+00:00| published-proof-of-concept| Telegram/uMCzxGgr2x3STZAp0ylOr-SeDC6RAcnQeh3DqIsWZXD5kaQ 2026-01-05 21:00:04+00:00| published-proof-of-concept| Telegram/NXxnKLZSaBlQTQxt0WJ9c3G9QPSHY40ZYnU5qA6mvG8vUA 2026-01-08 22:23:36+00:00| see...