
55 matches found

RedhatCVE
added 2026/04/23 8:38 p.m. · 7 views

CVE-2026-4280

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 · AI score 5.8 · EPSS 0.00814
Exploits 0 · References 1

Patchstack
added 2026/04/22 11:20 a.m. · 4 views

WordPress Breaking News WP plugin <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read vulnerability

Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read vulnerability discovered by t0ann9uy3n in WordPress Plugin Breaking News WP versions <= 1.3...

CVSS 6.5 · AI score 5.8 · EPSS 0.00814
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2026/04/22 9:31 a.m. · 7 views

EUVD-2026-24688

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 · AI score 5.8 · EPSS 0.00814
Exploits 0 · References 8

NVD
added 2026/04/22 9:16 a.m. · 6 views

CVE-2026-4280

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 · EPSS 0.00814
Exploits 0 · References 7

Cvelist
added 2026/04/22 7:45 a.m. · 29 views

CVE-2026-4280 Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 · EPSS 0.00814
Exploits 0 · References 7

ATTACKERKB
added 2026/04/22 7:45 a.m. · 2 views

CVE-2026-4280

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option...

CVSS 6.5 · AI score 5.8 · EPSS 0.00814
Exploits 0 · References 8

CVE
added 2026/04/22 7:45 a.m. · 8 views

CVE-2026-4280

CVE-2026-4280 affects Breaking News WP for WordPress (versions up to 1.3). The brnwp_ajax_form endpoint lacks authorization checks and CSRF verification, and the brnwp_show_breaking_news_wp() shortcode handler directly passes brnwp_theme to include(), enabling Local File Inclusion via directory t...

CVSS 6.5 · AI score 5.8 · EPSS 0.00814
Exploits 0 · References 7

Positive Technologies
added 2026/04/22 12:0 a.m. · 7 views

PT-2026-34300

Name of the Vulnerable Software and Affected Versions: Breaking News WP versions prior to 1.4. Description: The Breaking News WP plugin for WordPress contains a Local File Inclusion issue. The 'brnwp_ajax_form' AJAX endpoint lacks authorization checks and CSRF verification. Additionally, there is...

CVSS 6.5 · AI score 5.8 · EPSS 0.00814
Exploits 0 · References 11

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-4027

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 9.1 · EPSS 0.00259
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-9269

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.9 · EPSS 0.00323
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-9265

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 7.3 · EPSS 0.00234
Exploits 0 · References 2

RedhatCVE
added 2025/08/30 6:18 p.m. · 2 views

CVE-2025-58217

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS. This issue affects Instant Breaking News: from n/a through <= 1.0...

CVSS 7.1 · AI score 5.9 · EPSS 0.00105
Exploits 0 · References 1

Patchstack
added 2025/08/27 7:8 p.m. · 4 views

WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Instant Breaking News versions <= 1.0...

CVSS 7.1 · AI score 6.6 · EPSS 0.00105
Exploits 0 · Affected Software 1

Cvelist
added 2025/08/27 5:45 p.m. · 10 views

CVE-2025-58217 WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS. This issue affects Instant Breaking News: from n/a through <= 1.0...

CVSS 7.1 · EPSS 0.00105
Exploits 0 · References 1

CVE
added 2025/08/27 5:45 p.m. · 12 views

CVE-2025-58217

CVE-2025-58217 affects WordPress plugin Instant Breaking News: CSRF vulnerability that enables stored XSS. Impact per documents: requires user interaction; affected versions from n/a through 1.0. Exploitation status not provided; remediation: patch applied (Patched) per Wordfence listing. If usin...

CVSS 7.1 · AI score 5.9 · EPSS 0.00105
Exploits 0 · References 1

Vulnrichment
added 2025/08/27 5:45 p.m. · 1 views

CVE-2025-58217 WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS. This issue affects Instant Breaking News: from n/a through <= 1.0...

CVSS 7.1 · AI score 5.9 · EPSS 0.00105
Exploits 0 · References 1

Positive Technologies
added 2025/08/27 12:0 a.m. · 2 views

PT-2025-34926 · Unknown · Geronikolov Instant Breaking News

Name of the Vulnerable Software and Affected Versions: GeroNikolov Instant Breaking News versions n/a through 1.0. Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in GeroNikolov Instant Breaking News, which also allows Stored Cross-Site Scripting (XSS). Recommendations: At the...

CVSS 7.1 · AI score 6 · EPSS 0.00105
Exploits 0 · References 4

CNNVD
added 2025/08/27 12:0 a.m. · 1 views

WordPress plugin Instant Breaking News cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site request forgery vulnerability...

CVSS 7.1 · AI score 5.9 · EPSS 0.00105
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 6:37 a.m. · 7 views

CVE-2024-8056

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVSS 6.1 · AI score 6.2 · EPSS 0.00307
Exploits 1 · References 1

RedhatCVE
added 2025/04/03 4:27 p.m. · 9 views

CVE-2025-31750

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in doit Breaking News WP breaking-news-wp allows Stored XSS. This issue affects Breaking News WP: from n/a through <= 1.3...

CVSS 5.9 · AI score 7.2 · EPSS 0.00323
Exploits 0 · References 1