Lucene search
K

6 matches found

NVD
NVD
added 2026/06/16 6:16 a.m.11 views

CVE-2026-10780

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 4:30 a.m.28 views

CVE-2026-10780 Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 4:30 a.m.11 views

EUVD-2026-37034

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS5.4AI score0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/06/16 4:30 a.m.10 views

CVE-2026-10780

CVE-2026-10780 affects the WordPress Static Block plugin (versions up to 2.2). The vulnerability is an Insecure Direct Object Reference in the static_block_content() shortcode handler, which retrieves a post with get_post() using an attacker-controlled id and outputs its post_content without vali...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49611

Name of the Vulnerable Software and Affected Versions Static Block versions prior to 2.3 Description The Static Block plugin for WordPress contains an Insecure Direct Object Reference. This occurs because the static block content shortcode handler uses the get post function to retrieve a post bas...

4.3CVSS6AI score0.00211EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/15 4:26 p.m.7 views

WordPress Static Block plugin <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by dyingman in WordPress Plugin Static Block versions = 2.2...

4.3CVSS5.3AI score0.00211EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder