21 matches found
CVE-2026-32357
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
EUVD-2026-11847
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357
CVE-2026-32357 is a reported SSRF flaw in the WordPress plugin Simple Blog Card (plugin version
CVE-2026-32357
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357 WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
CVE-2026-32357 WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...
WordPress plugin Simple Blog Card 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-25204
CVE-2026-32357 Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple B… https://t.co/rZPsS8Lbne...
CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...
CVE-2023-4035
CVE-2023-4035 affects the Simple Blog Card WordPress plugin prior to 1.31. Public docs indicate insufficient validation/escaping of shortcode attributes, enabling Stored XSS when a user with Contributor+ privileges embeds the shortcode (example provided). Impact is stored XSS in pages/posts where...
CVE-2023-4036 Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...
CVE-2023-4035 Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4035 Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4036
The CVE-2023-4036 issue affects the Simple Blog Card WordPress plugin (versions before 1.32). Affected behavior: the plugin does not ensure that posts shown via its shortcode are public, allowing any authenticated user (e.g., a subscriber) to retrieve post titles and content, including drafts, pr...
WordPress plugin Simple Blog Card 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Simple Blog Card 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2023-27410 · WordPress · Simple Blog Card
Name of the Vulnerable Software and Affected Versions: Simple Blog Card WordPress plugin version 1.32 and earlier Description: The issue allows any authenticated user to retrieve arbitrary post titles and their content, including drafts, private posts, and password-protected ones, because the...
PT-2023-27407 · WordPress · Simple Blog Card
Name of the Vulnerable Software and Affected Versions: The Simple Blog Card WordPress plugin versions prior to 1.31 Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...
WordPress Simple Blog Card Plugin < 1.32 is vulnerable to Sensitive Data Exposure
Software Simple Blog Card Type Plugin Vulnerable versions 1.32 Fixed in 1.32 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e0b1d4664953 Credits N/A Required privilege Subscriber...