21 matches found
CVE-2026-32357
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
EUVD-2026-11847
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357 WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357 WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357
CVE-2026-32357 is a reported SSRF flaw in the WordPress plugin Simple Blog Card (plugin version
WordPress plugin Simple Blog Card 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-25204
CVE-2026-32357 Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple B… https://t.co/rZPsS8Lbne...
CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...
CVE-2023-4035 Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4036 Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...
CVE-2023-4035 Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4036
The CVE-2023-4036 issue affects the Simple Blog Card WordPress plugin (versions before 1.32). Affected behavior: the plugin does not ensure that posts shown via its shortcode are public, allowing any authenticated user (e.g., a subscriber) to retrieve post titles and content, including drafts, pr...
CVE-2023-4035
CVE-2023-4035 affects the Simple Blog Card WordPress plugin prior to 1.31. Public docs indicate insufficient validation/escaping of shortcode attributes, enabling Stored XSS when a user with Contributor+ privileges embeds the shortcode (example provided). Impact is stored XSS in pages/posts where...
WordPress plugin Simple Blog Card 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin Simple Blog Card 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-27410 · WordPress · Simple Blog Card
Name of the Vulnerable Software and Affected Versions: Simple Blog Card WordPress plugin version 1.32 and earlier Description: The issue allows any authenticated user to retrieve arbitrary post titles and their content, including drafts, private posts, and password-protected ones, because the...
PT-2023-27407 · WordPress · Simple Blog Card
Name of the Vulnerable Software and Affected Versions: The Simple Blog Card WordPress plugin versions prior to 1.31 Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...
WordPress Simple Blog Card Plugin < 1.32 is vulnerable to Sensitive Data Exposure
Software Simple Blog Card Type Plugin Vulnerable versions 1.32 Fixed in 1.32 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e0b1d4664953 Credits N/A Required privilege Subscriber...