CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...

X_holes

Products : xstat v2.3 and less xnews v1.1 Website : http://www.xqus.com/ problems : xstat : - Recovery of numerous data about the computer phpinfo . - Cross Site Scripting - Path disclosure xnews : - Access to the admin menu More details in french : http://www.ifrance.com/kitetoua/tuto/xholes.txt...