WordPress ActivityPub Routing plugin < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability

Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability discovered by ryuk kos0ng in WordPress Plugin ActivityPub versions 8.0.2...

CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

CVE-2026-4338

CVE-2026-4338 (ActivityPub Routing

CVE-2026-4338 ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

CVE-2026-4338 ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

PT-2026-31089

CVE-2026-4338 The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts https://t.co/WVixohTZmU...

EUVD-2023-54538

Malicious code in bioql PyPI...

CVE-2025-0661

The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with...

PT-2025-6797 · WordPress · Dethemekit For Elementor

Name of the Vulnerable Software and Affected Versions: DethemeKit For Elementor plugin for WordPress versions up to, and including, 2.36 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private, draft, or...

CVE-2024-12309

CVE-2024-12309 affects Rate My Post – Star Rating Plugin for WordPress (FeedbackWP). The vulnerability is an Insecure Direct Object Reference in get_post_status() due to missing validation on a user-controlled key, allowing unauthenticated voters to affect unpublished posts. The CVE entry notes v...

CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts

The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the getpoststatus due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts

The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the getpoststatus due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

WordPress Rate My Post – WP Rating System plugin <= 4.2.4 - Unauthenticated Voting On Scheduled Posts vulnerability

Unauthenticated Voting On Scheduled Posts vulnerability discovered by HayMiz in WordPress Plugin Rate my Post versions = 4.2.4...

PT-2024-39068 · WordPress · Themesflat Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract limited post information from draft and future...

CVE-2024-1452

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status ...

CVE-2024-2107

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...

CVE-2024-2107

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...

Design/Logic Flaw

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...

CVE-2024-2107 Blossom Spa <= 1.3.3 - Sensitive Information Exposure

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...