
6233 matches found

Circl
added 2026/04/16 8:00 p.m., 4 views

CVE-2026-21719

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-16 20:00:00+00:00 | seen | https://jvn.jp/en/jp/JVN78422311 |
| 2026-04-17 06:00:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116418519259243532 |
| 2026-04-17 06:00:31+00:00 | seen | ... |

CVSS 8.6, AI score 7.1, EPSS 0.01203
Exploits 0, References 5
Circl
added 2026/04/16 1:15 p.m., 5 views

CVE-2026-6414

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-16 13:15:27+00:00 | seen | https://bsky.app/profile/ulisesgascon.com/post/3mjmik2cvw22a |
| 2026-04-16 13:36:32+00:00 | seen | https://bsky.app/profile/ulisesgascon.com/post/3mjmjpo4gfc2n |
| 2026-04-16 14:58:59+00:00 | seen | ... |

CVSS 5.9, AI score 5.7, EPSS 0.00398
Exploits 0, References 3
NVD
added 2026/04/16 12:16 p.m., 8 views

CVE-2026-3155

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVSS 3.1, EPSS 0.00324
Exploits 0, References 2
NVD
added 2026/04/16 8:16 a.m., 6 views

CVE-2026-0718

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVSS 5.3, EPSS 0.00283
Exploits 0, References 2
Positive Technologies
added 2026/04/16 12:00 a.m., 3 views

PT-2026-33282

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp shareCount callback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVSS 5.3, AI score 5.8, EPSS 0.00283
Exploits 0, References 3
Positive Technologies
added 2026/04/16 12:00 a.m., 4 views

PT-2026-33307

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVSS 3.1, AI score 5.9, EPSS 0.00324
Exploits 0, References 3
Circl
added 2026/04/15 4:21 p.m., 17 views

CVE-2026-20180

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-15 16:21:38+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/116409637135769540 |
| 2026-04-15 17:18:54+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkfoj4tgf2w |
| 2026-04-15 17:21:15+00:00 | seen | ... |

CVSS 9.9, AI score 5.5, EPSS 0.05972
Exploits 1, References 10
ATTACKERKB
added 2026/04/15 8:28 a.m., 4 views

CVE-2026-3649

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportalpopupshortcode function is registered as an AJAX handler via wpajaxkatalogportalshortcodePrinter but lacks any capability check currentusercan or nonc...

CVSS 5.3, AI score 5.7, EPSS 0.00316
Exploits 0, References 6
Circl
added 2026/04/15 4:30 a.m., 5 views

CVE-2026-1555

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-15 04:30:31+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mjj2qkoar62p |
| 2026-04-15 04:30:31+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116406840802962869 |
| 2026-04-15 05:06:37+00:00 | seen | ... |

CVSS 9.8, AI score 5.8, EPSS 0.00984
Exploits 3, References 6
NVD
added 2026/04/15 4:17 a.m., 16 views

CVE-2026-4812

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

CVSS 5.3, EPSS 0.00625
Exploits 0, References 17
Patchstack
added 2026/04/15 3:42 a.m., 6 views

WordPress Advanced Custom Fields (ACF®) plugin <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability

Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability discovered by Fernando Mecozzi in WordPress Plugin Advanced Custom Fields versions <= 6.7.0...

CVSS 5.3, AI score 5.8, EPSS 0.00625
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/04/15 1:25 a.m., 32 views

CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

CVSS 5.3, EPSS 0.00625
Exploits 0, References 17
Vulnrichment
added 2026/04/15 1:25 a.m., 6 views

CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

CVSS 5.3, AI score 5.7, EPSS 0.00625
Exploits 0, References 17
CVE
added 2026/04/15 1:25 a.m., 19 views

CVE-2026-4812

The CVE describes a vulnerability in Advanced Custom Fields (ACF) for WordPress, affecting versions up to 6.7.0. The issue arises from AJAX field query endpoints that accept user-supplied filter parameters, which override field-configured restrictions without proper authorization checks. This all...

CVSS 5.3, AI score 5.7, EPSS 0.00625
Exploits 0, References 17
ATTACKERKB
added 2026/04/15 1:25 a.m., 3 views

CVE-2026-4812

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

CVSS 5.3, AI score 5.7, EPSS 0.00625
Exploits 0, References 18
Circl
added 2026/04/15 12:01 a.m., 3 views

CVE-2026-34003

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-15 00:01:55+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqa5my42c |
| 2026-04-15 00:01:59+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqekqju2g |
| 2026-04-19 02:01:28+00:00 | seen | ... |

CVSS 7.8, AI score 4.7, EPSS 0.0025
Exploits 0, References 5
Circl
added 2026/04/15 12:01 a.m., 5 views

CVE-2026-33999

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-15 00:01:54+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqa5my42c |
| 2026-04-15 00:01:57+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u |
| 2026-04-19 02:01:26+00:00 | seen | ... |

CVSS 7.8, AI score 4.7, EPSS 0.0038
Exploits 0, References 5
Circl
added 2026/04/15 12:01 a.m., 2 views

CVE-2026-34001

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-15 00:01:54+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqa5my42c |
| 2026-04-15 00:01:58+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u |
| 2026-04-19 02:01:28+00:00 | seen | ... |

CVSS 7.8, AI score 7.1, EPSS 0.00264
Exploits 0, References 6
Circl
added 2026/04/15 12:01 a.m., 3 views

CVE-2026-34000

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-15 00:01:54+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqa5my42c |
| 2026-04-15 00:01:58+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u |
| 2026-04-19 02:01:28+00:00 | seen | ... |

CVSS 9.1, AI score 5.7, EPSS 0.00489
Exploits 0, References 4
CNNVD
added 2026/04/15 12:00 a.m., 8 views

WordPress plugin Advanced Custom Fields security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3, AI score 5.8, EPSS 0.00625
Exploits 0, References 1