Lucene search
K

118 matches found

Cvelist
Cvelist
added 2026/02/19 2:58 p.m.20 views

CVE-2025-71248

...

Exploits0
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.3 views

PT-2026-20846

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions before 4.4.9 contain a Stored Cross-Site Scripting XSS issue related to syndicated sites within the private area. The URL SYNDIC output is not sufficiently sanitized when displaying detail...

6.4CVSS5.4AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-20914

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions prior to 4.4.9 contain a Stored Cross-Site Scripting XSS issue related to syndicated sites within the private area. The output from URL SYNDIC is not adequately sanitized when displaying...

6.4CVSS5.2AI score0.0026EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated (Author+) Arbitrary File Upload vulnerability

WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin RESTful Content Syndication versions 1.1.0-1.5.0...

8.8CVSS5.3AI score0.00493EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/12/16 12:0 a.m.5 views

WordPress RSS Aggregator by Feedzy Code Issue Vulnerability

WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...

5.8CVSS7.2AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 5:53 p.m.5 views

DRUPAL-CONTRIB-2025-125

This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request forgery CSRF attacks, potentially allowin...

8.1CVSS6.8AI score0.0013EPSS
Exploits0References1
Drupal
Drupal
added 2025/12/10 12:0 a.m.13 views

Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125

This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request forgery CSRF attacks, potentially allowin...

8.1CVSS5.3AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.11 views

CVE-2025-12962

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wpremoteget instead of wpsaferemoteget which lacks protections against requests to...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 8:27 a.m.5 views

EUVD-2025-197944

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wpremoteget instead of wpsaferemoteget which lacks protections against requests to...

6.4CVSS5.4AI score0.00205EPSS
Exploits0References4
CVE
CVE
added 2025/11/18 8:27 a.m.17 views

CVE-2025-12962

CVE-2025-12962 affects the WordPress Local Syndication plugin up to version 1.5a. The vulnerability is a Server-Side Request Forgery (SSRF) triggered via the url parameter in the [syndicate_local] shortcode. It arises from using wp_remote_get() instead of wp_safe_remote_get(), which lacks protect...

6.4CVSS5.5AI score0.00205EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/18 8:27 a.m.3 views

CVE-2025-12962 Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wpremoteget instead of wpsaferemoteget which lacks protections against requests to...

6.4CVSS5.4AI score0.00205EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47265

Name of the Vulnerable Software and Affected Versions Local Syndication plugin for WordPress versions prior to 1.5a Description The Local Syndication plugin for WordPress is susceptible to Server-Side Request Forgery SSRF in versions up to and including 1.5a. The issue stems from the use of wp...

6.4CVSS6.2AI score0.00205EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.6 views

WordPress plugin Local Syndication 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

6.4CVSS7AI score0.00205EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/17 11:3 p.m.6 views

WordPress Local Syndication plugin <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode vulnerability

Authenticated Contributor+ Server-Side Request Forgery via Shortcode vulnerability discovered by Ivan Cese in WordPress Plugin Local Syndication versions = 1.5a...

6.4CVSS7.1AI score0.00205EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/02 6:43 a.m.18 views

CVE-2025-12171

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...

8.8CVSS7.5AI score0.00493EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/01 9:30 a.m.12 views

EUVD-2025-37426

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...

8.8CVSS7AI score0.00493EPSS
Exploits0References3
NVD
NVD
added 2025/11/01 7:15 a.m.9 views

CVE-2025-12171

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...

8.8CVSS0.00493EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/01 6:40 a.m.4 views

CVE-2025-12171 RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...

8.8CVSS7.1AI score0.00493EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/01 6:40 a.m.11 views

CVE-2025-12171 RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...

8.8CVSS0.00493EPSS
Exploits0References2
CVE
CVE
added 2025/11/01 6:40 a.m.14 views

CVE-2025-12171

CVE-2025-12171 concerns the WordPress RESTful Content Syndication plugin (versions 1.1.0–1.5.0). The vulnerability is an arbitrary file upload flaw caused by missing file-type validation in ingest_image(), allowing authenticated attackers with Author-level access (or higher) to upload arbitrary f...

8.8CVSS7.1AI score0.00493EPSS
Exploits0References2
Rows per page
Query Builder