
6234 matches found

CNNVD
added 2026/04/15 12:0 a.m., 8 views

WordPress plugin Advanced Custom Fields security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3 CVSS, 5.8 AI score, 0.00625 EPSS
Exploits 0, References 1
Patchstack
added 2026/04/15 12:0 a.m., 5 views

WordPress Inquiry form to posts or pages plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions <= 1.0...

4.3 CVSS, 5.8 AI score, 0.00219 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/04/15 12:0 a.m., 6 views

PT-2026-33021

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal popup shortcode function is registered as an AJAX handler via wp ajax katalogportal shortcodePrinter but lacks any capability check current user can ...

5.3 CVSS, 5.7 AI score, 0.00316 EPSS
Exploits 0, References 7
Positive Technologies
added 2026/04/15 12:0 a.m., 9 views

PT-2026-33003

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields (ACF) plugin for WordPress versions prior to 6.7.1. Description: The plugin contains a flaw where AJAX field query endpoints accept user-supplied filter parameters that override field-configured restrictions without proper...

5.3 CVSS, 5.1 AI score, 0.00625 EPSS
Exploits 0, References 20
Circl
added 2026/04/14 11:22 p.m., 7 views

CVE-2026-34619

creationtimestamp | type | source
---|---|---
2026-04-14 23:22:03+00:00 | seen | Telegram/7o25spvsi10qoVsYDQCR4BvQZf2Pb0MXjY1dtOy-qDOy7tc
2026-04-15 12:00:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjtuloymz2w
2026-04-15 13:55:20+00:00 | seen | ...

7.7 CVSS, 6.1 AI score, 0.08507 EPSS
Exploits 0, References 3
Cvelist
added 2026/04/14 9:12 p.m., 21 views

CVE-2026-34161 Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...

5.1 CVSS, 0.00219 EPSS
Exploits 0, References 4
Circl
added 2026/04/14 8:10 p.m., 4 views

CVE-2026-27289

creationtimestamp | type | source
---|---|---
2026-04-14 20:10:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mji6rygv4l23
2026-04-14 20:19:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mji7cuopwy2a
2026-04-14 21:25:30+00:00 | published-proof-of-concept | ...

7.8 CVSS, 4.9 AI score, 0.00211 EPSS
Exploits 0, References 3
Circl
added 2026/04/14 4:46 p.m., 2 views

CVE-2026-38527

creationtimestamp | type | source
---|---|---
2026-04-14 16:46:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhtgdu6nh2u
2026-04-14 17:07:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjhulnqatj2z...

8.5 CVSS, 5.7 AI score, 0.00249 EPSS
Exploits 1, References 2
Circl
added 2026/04/14 4:46 p.m., 21 views

CVE-2026-38526

creationtimestamp | type | source
---|---|---
2026-04-14 16:46:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhtg4gn2c2h
2026-04-14 17:03:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjhudxtjxx2r
2026-04-16 17:23:41+00:00 | seen | ...

9.9 CVSS, 4.9 AI score, 0.00834 EPSS
Exploits 3, References 4
Circl
added 2026/04/14 4:34 p.m., 7 views

CVE-2026-39813

creationtimestamp | type | source
---|---|---
2026-04-14 16:34:21+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhspwbtnj2m
2026-04-14 17:12:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjhuum6ow52o
2026-04-14 17:28:30+00:00 | seen | ...

9.8 CVSS, 6.1 AI score, 0.16739 EPSS
Exploits 2, References 50
Circl
added 2026/04/14 3:49 p.m., 4 views

CVE-2026-33101

creationtimestamp | type | source
---|---|---
2026-04-14 15:49:19+00:00 | seen | https://www.thezdi.com/blog/2026/4/14/the-april-2026-security-update-review
2026-04-14 19:17:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mji3t735w42m
2026-04-14 20:16:29+00:00 | seen | ...

7.8 CVSS, 5.3 AI score, 0.00223 EPSS
Exploits 0, References 4
Patchstack
added 2026/04/14 3:39 a.m., 4 views

WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection vulnerability

WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection vulnerability discovered by Vilaysone CHANTHAVONG 0xJ0cKkY - Cyberus Technologies in WordPress Plugin Post Grid, Post Carousel, & List Categor...

7.2 CVSS, 5.8 AI score, 0.00527 EPSS
Exploits 0, References 1, Affected Software 1
Circl
added 2026/04/14 3:4 a.m., 2 views

CVE-2026-25654

creationtimestamp | type | source
---|---|---
2026-04-14 03:04:52+00:00 | seen | https://www.acn.gov.it/portale/w/aggiornamenti-per-prodotti-siemens-20
2026-04-14 09:51:07+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjh46vwdxg2s
2026-04-14 10:16:11+00:00 | seen | ...

8.8 CVSS, 8.1 AI score, 0.00453 EPSS
Exploits 0, References 5
Circl
added 2026/04/14 3:4 a.m., 3 views

CVE-2026-27668

creationtimestamp | type | source
---|---|---
2026-04-14 03:04:52+00:00 | seen | https://www.acn.gov.it/portale/w/aggiornamenti-per-prodotti-siemens-20
2026-04-14 09:51:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjh475wwx724
2026-04-14 09:51:36+00:00 | seen | ...

8.8 CVSS, 4.8 AI score, 0.00259 EPSS
Exploits 0, References 6
Circl
added 2026/04/14 1:0 a.m., 2 views

CVE-2026-27681

creationtimestamp | type | source
---|---|---
2026-04-14 01:00:04+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjg6jaq2s42h
2026-04-14 01:15:38+00:00 | published-proof-of-concept | Telegram/j1YKUKFGBq5wmef4QEbA7k-TdRl9f0BaDNzVfGs6U0ZXPS4
2026-04-14 01:30:30+00:00 | seen | ...

9.9 CVSS, 5.8 AI score, 0.00501 EPSS
Exploits 0, References 11
RedhatCVE
added 2026/04/13 7:24 p.m., 3 views

CVE-2026-5169

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via update_option and lack of output escaping when displaying the stored...

4.4 CVSS, 5.9 AI score, 0.00254 EPSS
Exploits 0, References 1
Circl
added 2026/04/13 2:50 p.m., 1 views

CVE-2026-34476

creationtimestamp | type | source
---|---|---
2026-04-13 14:50:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjf4hp7cww2g
2026-04-13 14:53:22+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mjf4mhlkkj2e
2026-04-13 16:13:44+00:00 | seen | ...

7.1 CVSS, 5.3 AI score, 0.00346 EPSS
Exploits 0, References 3
Circl
added 2026/04/13 2:45 p.m., 1 views

CVE-2026-5085

creationtimestamp | type | source
---|---|---
2026-04-13 14:45:45+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mjf46t6yhk2c
2026-04-13 15:37:02+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjf72jlhzx25
2026-04-13 18:01:28+00:00 | ...

9.1 CVSS, 5.3 AI score, 0.00339 EPSS
Exploits 0, References 2
Patchstack
added 2026/04/13 9:3 a.m., 3 views

WordPress ActivityPub Routing plugin < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability

Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability discovered by ryuk kos0ng in WordPress Plugin ActivityPub versions < 8.0.2...

7.5 CVSS, 5.8 AI score, 0.0035 EPSS
Exploits 0, References 1, Affected Software 1
Circl
added 2026/04/13 12:0 a.m., 1 views

CVE-2026-6132

creationtimestamp | type | source
---|---|---
2026-04-13 00:00:25+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mjdkpq6uf32b
2026-04-13 00:00:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjdkpu4olb24
2026-04-13 00:00:34+00:00 | seen | ...

10 CVSS, 8.7 AI score, 0.02175 EPSS
Exploits 0, References 5