6276 matches found
CVE-2025-12934
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-23 10:22:59+00:00 | seen | https://gist.github.com/Darkcrai86/1223d292ad34425b948187905ab30ba2 |
| 2025-12-23 10:45:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mankyyzeot2p |
| 2025-12-23 11:32:42+00:00 | seen | ... |
CVE-2025-14388
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-23 10:03:44+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115768309982804801 |
| 2025-12-23 10:03:45+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3manioeubcv2z |
| 2025-12-23 10:22:18+00:00 | seen | ... |
CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...
PT-2025-52748
Name of the Vulnerable Software and Affected Versions: Responsive Posts Carousel Pro versions through 15.2. Description: An issue exists in WebCodingPlace Responsive Posts Carousel Pro that allows for Stored Cross-site Scripting (XSS). This occurs due to improper neutralization of input during web pag...
WordPress plugin Responsive Posts Carousel Pro cross-site scripting vulnerability
...
CVE-2023-53981
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-22 23:45:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mamg3vdpcl2b |
| 2025-12-22 23:46:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mamg7cgt262x... |
CVE-2025-11543
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-22 09:05:37+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115762419200846171 |
| 2025-12-22 09:05:51+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3makuxkek6e2n |
| 2025-12-22 09:21:46+00:00 | seen | ... |
CVE-2023-53952
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...
CVE-2025-14071
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated attackers, with...
CVE-2025-14080
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsml_form_process AJAX action. This makes it possible for...
CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated attackers, with...
CVE-2025-14080
CVE-2025-14080 concerns the WordPress plugin Frontend Post Submission Manager Lite. The vulnerability is due to missing authorization on the fpsml_form_process AJAX action, allowing unauthenticated attackers to modify arbitrary posts by supplying a post_id via the guest posting form. Reported imp...
CVE-2025-14178
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-20 02:01:22+00:00 | seen | https://bsky.app/profile/slackers.it/post/3maf4czwhdn26 |
| 2025-12-20 02:01:33+00:00 | seen | https://bsky.app/profile/slackers.it/post/3maf4d6dt3p2l |
| 2025-12-21 11:53:36+00:00 | seen | ... |
CVE-2025-14177
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-20 02:01:22+00:00 | seen | https://bsky.app/profile/slackers.it/post/3maf4czwhdn26 |
| 2025-12-20 02:01:34+00:00 | seen | https://bsky.app/profile/slackers.it/post/3maf4d6dt3p2l |
| 2025-12-21 11:53:36+00:00 | seen | ... |
CVE-2023-53952 Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...
CVE-2023-53952
CVE-2023-53952 affects Dotclear 2.25.3, which contains a remote code execution vulnerability exploitable by authenticated attackers through the blog post creation interface. The issue arises from allowing uploads of PHP files with a .phar extension; such uploaded files can execute PHP system comm...
CVE-2025-11747
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11747
CVE-2025-11747 affects the Colibri Page Builder WordPress plugin. The Wordfence report documents a stored cross-site scripting vulnerability in the colibri_blog_posts shortcode caused by insufficient input sanitization and lack of proper output escaping, affecting all versions up to and including...