6233 matches found
CVE-2026-44366
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...
CVE-2026-44366 Vvveb: Stored XSS via Comment Author Field
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...
CVE-2026-44366
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...
EUVD-2026-30588
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...
CVE-2026-44366 Vvveb: Stored XSS via Comment Author Field
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...
CVE-2026-46417
creationtimestamp| type| source ---|---|--- 2026-05-15 17:50:55+00:00| seen| https://bsky.app/profile/arigatouz.bsky.social/post/3mlvvhfkrbc2n 2026-05-15 17:51:08+00:00| seen| https://bsky.app/profile/arigatouz.bsky.social/post/3mlvvhfl22k2n 2026-06-22 23:16:24+00:00| seen|...
CVE-2026-2347
creationtimestamp| type| source ---|---|--- 2026-05-14 10:21:28+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlslusj2hc2n 2026-05-14 10:30:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116572463385163397 2026-05-14 10:30:32+00:00| seen|...
CVE-2026-6206
The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...
CVE-2026-3892
creationtimestamp| type| source ---|---|--- 2026-05-14 09:08:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlshrszelm2i 2026-05-14 09:14:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlsi4pzt7o2i...
EUVD-2026-30262
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...
CVE-2026-6512 InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...
CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter
The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...
CVE-2026-6206
The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...
CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter
The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...
CVE-2026-5395
creationtimestamp| type| source ---|---|--- 2026-05-14 08:02:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlsdz4dcz62t 2026-05-14 09:28:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlsivoihzf2i 2026-05-14 09:36:20+00:00| seen|...
CVE-2026-8328
creationtimestamp| type| source ---|---|--- 2026-05-14 00:03:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlrjejlkhq2i 2026-05-14 01:19:43+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mlrnl5s34g22 2026-05-17 15:04:58+00:00| seen|...
WordPress plugin MW WP Form 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-40896
Name of the Vulnerable Software and Affected Versions MW WP Form versions prior to 5.1.3 Description Insufficient restrictions in the get post property from querystring function allow unauthenticated attackers to extract data from private, draft, or password-protected posts. Recommendations Updat...
CVE-2026-7051
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
CVE-2025-61972
creationtimestamp| type| source ---|---|--- 2026-05-13 05:11:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlpk3nswl32n 2026-05-13 05:35:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlplh5jpni2v...