Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

296 matches found

Vulnrichment
Vulnrichmentadded 2026/02/03 5:30 a.m.3 views

CVE-2026-0950 Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

5.3CVSS5.4AI score0.00137EPSS
Exploits0References10
Cvelist
Cvelistadded 2026/02/03 5:30 a.m.23 views

CVE-2026-0950 Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

5.3CVSS0.00137EPSS
Exploits0References10
CVE
CVEadded 2026/02/03 5:30 a.m.9 views

CVE-2026-0950

The CVE-2026-0950 affects the Spectra Gutenberg Blocks – Website Builder for the Block Editor WordPress plugin. All versions up to 2.19.17 are reported vulnerable to Information Disclosure due to failing to check post_password_required() before rendering post excerpts in render_excerpt() and in u...

5.3CVSS5.4AI score0.00137EPSS
Exploits0References10
EUVD
EUVDadded 2026/02/03 5:30 a.m.4 views

EUVD-2026-5268

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

5.3CVSS5.4AI score0.00137EPSS
Exploits0References10
RedhatCVE
RedhatCVEadded 2026/01/26 3:12 a.m.3 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00068EPSS
Exploits0References1
NVD
NVDadded 2026/01/25 3:15 a.m.3 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS0.00068EPSS
Exploits0References2
CVE
CVEadded 2026/01/25 2:22 a.m.7 views

CVE-2025-6461

CVE-2025-6461 affects the CubeWP Framework (WordPress) and is due to Information Exposure via the search functionality in class-cubewp-search-ajax-hooks.php. It applies to all versions up to and including 1.1.27, enabling unauthenticated attackers to retrieve data from password-protected, private...

4.3CVSS5.6AI score0.00068EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/01/25 2:22 a.m.2 views

CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.9AI score0.00068EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/01/25 2:22 a.m.28 views

CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS0.00068EPSS
Exploits0References2
EUVD
EUVDadded 2026/01/25 2:22 a.m.9 views

EUVD-2026-4642

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00068EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/01/25 12:0 a.m.4 views

PT-2026-4645

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00068EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/01/17 7:27 a.m.20 views

CVE-2025-12129 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS0.00069EPSS
Exploits0References2
EUVD
EUVDadded 2026/01/17 7:27 a.m.3 views

EUVD-2026-3147

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS5.7AI score0.00069EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/01/17 7:27 a.m.2 views

CVE-2025-12129

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS5.5AI score0.00069EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/01/17 12:0 a.m.2 views

PT-2026-3353

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS6.2AI score0.00069EPSS
Exploits0References3
NVD
NVDadded 2026/01/16 5:16 a.m.4 views

CVE-2025-15527

The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the apigetpostsummary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.00019EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/01/16 4:44 a.m.2 views

CVE-2025-15527 WP Recipe Maker <= 10.2.2 - Insecure Direct Object Reference to Sensitive Information Exposure

The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the apigetpostsummary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS5.6AI score0.00019EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/01/16 12:0 a.m.4 views

PT-2026-3217

The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the api get post summary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-leve...

4.3CVSS6AI score0.00019EPSS
Exploits0References6
CVE
CVEadded 2026/01/10 6:32 a.m.8 views

CVE-2025-14943

CVE-2025-14943 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress. The vulnerability arises from a misconfigured authorization check in getShipItemFullText: it only verifies Subscriber-level read capability and a valid nonce, but does not confirm access permissions for the spec...

4.3CVSS5.2AI score0.00045EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/01/10 6:32 a.m.2 views

CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...

4.3CVSS5.2AI score0.00045EPSS
Exploits0References3
Rows per page
Query Builder