CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:42 p.m.•7 views

CVE-2025-9989

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.6AI score0.0019EPSS

RedhatCVE•added 2026/06/05 7:42 p.m.•7 views

CVE-2025-9988

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

4.3CVSS5.5AI score0.00158EPSS

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.4AI score0.00219EPSS

RedhatCVE•added 2026/06/05 7:33 p.m.•5 views

CVE-2026-45210

Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.2...

5.4CVSS5.5AI score0.0017EPSS

NVD•added 2026/05/21 2:16 a.m.•16 views

CVE-2026-1881

4.3CVSS0.00219EPSS

EUVD•added 2026/05/21 1:26 a.m.•11 views

EUVD-2026-31206

Cvelist•added 2026/05/21 1:26 a.m.•44 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

4.3CVSS0.00219EPSS

Vulnrichment•added 2026/05/21 1:26 a.m.•8 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

CVE•added 2026/05/21 1:26 a.m.•19 views

CVE-2026-1881

The CVE-2026-1881 entry concerns the Broadstreet WordPress plugin (versions

ATTACKERKB•added 2026/05/21 1:26 a.m.•5 views

CVE-2026-1881

Positive Technologies•added 2026/05/21 12:0 a.m.•10 views

Exploits0References3

PT-2026-42391

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get sponsored meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CNNVD•added 2026/05/21 12:0 a.m.•8 views

Exploits0References3

WordPress plugin Broadstreet 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.9AI score0.00219EPSS

Patchstack•added 2026/05/20 1:15 p.m.•9 views

WordPress Broadstreet plugin <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability

Authenticated Subscriber+ Private Post Meta Disclosure vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Broadstreet Ads versions = 1.52.2...

Exploits0References1Affected Software1

NVD•added 2026/05/13 5:16 a.m.•6 views

CVE-2025-9987

5.3CVSS0.0027EPSS

NVD•added 2026/05/13 5:16 a.m.•7 views

CVE-2025-9988

4.3CVSS0.00158EPSS