118 matches found
CVE-2025-71248
...
PT-2026-20846
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions before 4.4.9 contain a Stored Cross-Site Scripting XSS issue related to syndicated sites within the private area. The URL SYNDIC output is not sufficiently sanitized when displaying detail...
PT-2026-20914
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions prior to 4.4.9 contain a Stored Cross-Site Scripting XSS issue related to syndicated sites within the private area. The output from URL SYNDIC is not adequately sanitized when displaying...
WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated (Author+) Arbitrary File Upload vulnerability
WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin RESTful Content Syndication versions 1.1.0-1.5.0...
WordPress RSS Aggregator by Feedzy Code Issue Vulnerability
WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...
DRUPAL-CONTRIB-2025-125
This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request forgery CSRF attacks, potentially allowin...
Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125
This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request forgery CSRF attacks, potentially allowin...
CVE-2025-12962
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wpremoteget instead of wpsaferemoteget which lacks protections against requests to...
EUVD-2025-197944
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wpremoteget instead of wpsaferemoteget which lacks protections against requests to...
CVE-2025-12962
CVE-2025-12962 affects the WordPress Local Syndication plugin up to version 1.5a. The vulnerability is a Server-Side Request Forgery (SSRF) triggered via the url parameter in the [syndicate_local] shortcode. It arises from using wp_remote_get() instead of wp_safe_remote_get(), which lacks protect...
CVE-2025-12962 Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wpremoteget instead of wpsaferemoteget which lacks protections against requests to...
PT-2025-47265
Name of the Vulnerable Software and Affected Versions Local Syndication plugin for WordPress versions prior to 1.5a Description The Local Syndication plugin for WordPress is susceptible to Server-Side Request Forgery SSRF in versions up to and including 1.5a. The issue stems from the use of wp...
WordPress plugin Local Syndication 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
WordPress Local Syndication plugin <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode vulnerability
Authenticated Contributor+ Server-Side Request Forgery via Shortcode vulnerability discovered by Ivan Cese in WordPress Plugin Local Syndication versions = 1.5a...
CVE-2025-12171
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...
EUVD-2025-37426
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...
CVE-2025-12171
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...
CVE-2025-12171 RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...
CVE-2025-12171 RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...
CVE-2025-12171
CVE-2025-12171 concerns the WordPress RESTful Content Syndication plugin (versions 1.1.0–1.5.0). The vulnerability is an arbitrary file upload flaw caused by missing file-type validation in ingest_image(), allowing authenticated attackers with Author-level access (or higher) to upload arbitrary f...