6279 matches found
EUVD-2025-197964
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
CVE-2025-12481
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
CVE-2025-12481
The vulnerability CVE-2025-12481 affects the WP Duplicate Page plugin for WordPress (versions up to 1.7). Root cause: Missing authorization checks in saveSettings allow authenticated users with Contributor+ privileges to modify plugin settings that control capabilities, enabling them to duplicate...
CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
CVE-2025-11734 Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing
The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...
CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
PT-2025-47281
Name of the Vulnerable Software and Affected Versions WP Duplicate Page plugin versions prior to 1.8 Description The WP Duplicate Page plugin for WordPress is affected by a missing authorization issue. The plugin does not properly verify user authorization to perform actions within the saveSettin...
CVE-2025-13223
creationtimestamp| type| source ---|---|--- 2025-11-17 23:20:14+00:00| seen| https://bsky.app/profile/baldanders.info/post/3m5uefi3p7k2y 2025-11-17 23:30:35+00:00| seen| https://bsky.app/profile/spiegel.goark.fedicity.net.ap.brid.gy/post/3m5uesnjmb4p2 2025-11-17 23:50:01+00:00| seen|...
CVE-2025-64262
Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...
CVE-2025-55073 MS Teams plugin OAuth allows editing arbitrary posts
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...
CVE-2025-13131
creationtimestamp| type| source ---|---|--- 2025-11-13 22:31:02+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5k7r6vwkso2 2025-11-13 22:56:22+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5kb5m5gr5w2 2025-11-14...
CVE-2025-36250
creationtimestamp| type| source ---|---|--- 2025-11-13 22:22:12+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115544721445633757 2025-11-13 22:30:51+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5k7qnx74722 2025-11-13 22:56:55+00:00| seen|...
EUVD-2025-163783
Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...
CVE-2025-64262
Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...
CVE-2025-64262 WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...
CVE-2025-64262 WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...
CVE-2025-64262
CVE-2025-64262 is a CSRF vulnerability in the WordPress plugin Auto Prune Posts (versions