Lucene search
K

500 matches found

CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

WordPress plugin Smart Custom Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.11 views

PT-2026-27252

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References7
NVD
NVD
added 2026/03/19 10:16 p.m.17 views

CVE-2026-33355

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS0.00414EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:1 p.m.9 views

CVE-2026-33355

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS5.8AI score0.00414EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 10:1 p.m.3 views

CVE-2026-33355 Discourse filters whisper posts from private-posts feed

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS5.8AI score0.00414EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 10:1 p.m.6 views

EUVD-2026-13337

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS5.8AI score0.00414EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 10:1 p.m.16 views

CVE-2026-33355

Discourse (open-source) is affected by CVE-2026-33355. The vulnerability affects the /private-posts endpoint where post-type visibility filtering was not applied, enabling regular PM participants to see whisper posts in PM topics to which they had access. Affected versions are 2026.3.0-latest.1, ...

6.5CVSS5.8AI score0.00414EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/19 10:1 p.m.4 views

CVE-2026-33355 Discourse filters whisper posts from private-posts feed

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS5.9AI score0.00414EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/19 10:1 p.m.27 views

CVE-2026-33355 Discourse filters whisper posts from private-posts feed

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS0.00414EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from the /private-posts endpoint not applying post type...

6.5CVSS5.7AI score0.00414EPSS
Exploits0References4
OSV
OSV
added 2026/03/18 12:31 p.m.5 views

GHSA-G9W4-M5FX-X3WV Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.11 views

PT-2026-24659

Name of the Vulnerable Software and Affected Versions WordPress versions 6.9 through 6.9.1 Description WordPress core is susceptible to unauthorized access. The Notes feature, introduced in WordPress 6.9, allows for collaborative annotations on posts within the block editor. However, the REST API...

4.3CVSS5.1AI score0.00305EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/02/20 1:25 p.m.7 views

CVE-2026-1219

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'loadtracknoteajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers...

5.3CVSS5.6AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.5 views

CVE-2025-13842

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

5.3CVSS5.5AI score0.00322EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 10:16 a.m.9 views

CVE-2026-1219

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'loadtracknoteajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers...

5.3CVSS0.00245EPSS
Exploits0References4
CVE
CVE
added 2026/02/19 9:26 a.m.25 views

CVE-2026-1219

CVE-2026-1219 affects the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. Versions 4.0–5.10 are exposed to an Insecure Direct Object Reference via load_track_note_ajax due to missing validation on a user-controlled key, allowing unauthenticated access to privat...

5.3CVSS5.5AI score0.00245EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/19 9:26 a.m.29 views

CVE-2026-1219 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'loadtracknoteajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers...

5.3CVSS0.00245EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/19 9:26 a.m.7 views

CVE-2026-1219

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'loadtracknoteajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers...

5.3CVSS5.5AI score0.00245EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/02/19 7:17 a.m.8 views

CVE-2025-13842

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

5.3CVSS0.00322EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

5.3CVSS5.5AI score0.00322EPSS
Exploits0References3
Rows per page
Query Builder