68 matches found
WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin Tainacan versions = 1.0.3...
CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...
CVE-2026-42740
The connected sources confirm a SQL Injection vulnerability in the WordPress Tainacan plugin, affecting version range
CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...
WordPress Tainacan plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability
Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability discovered by Deadbee - NA in WordPress Plugin Tainacan versions = 1.0.1...
CVE-2025-14043
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...
EUVD-2025-204652
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...
CVE-2025-14043
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...
CVE-2025-14043
CVE-2025-14043 affects the WordPress plugin Tainacan . Affected: versions up to and including 1.0.1. Root cause: the REST endpoint’s permissions check in create_item_permissions_check() unconditionally returns true, bypassing authentication/authorization validation. Impact: unauthenticated attack...
CVE-2025-14043 Tainacan <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...
WordPress plugin Tainacan 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-52573
Name of the Vulnerable Software and Affected Versions Tainacan plugin for WordPress versions up to and including 1.0.1 Description The Tainacan plugin for WordPress has a flaw where unauthorized metadata sections can be created. This is because the create item permissions check function always...
WordPress Tainacan plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Peb - NA in WordPress Plugin Tainacan versions = 1.0.0...
CVE-2025-12746
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2025-12747
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
CVE-2025-12747 Tainacan <= 1.0.0 - Unauthenticated Information Exposure
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
CVE-2025-12747
The CVE-2025-12747 entry describes an information exposure in the WordPress Tainacan plugin up to version 1.0.0, where private-uploaded files are exposed in wp-content and readable by unauthenticated users. Connected sources confirm the issue and indicate a fix was introduced (e.g., GitHub diff 1...
EUVD-2025-198495
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
CVE-2025-12747 Tainacan <= 1.0.0 - Unauthenticated Information Exposure
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
EUVD-2025-198414
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...