8 matches found
CVE-2025-11983
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
EUVD-2025-37422
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
CVE-2025-11983
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
CVE-2025-11983
The WP Discourse WordPress plugin (versions up to and including 2.5.9) exposes Discourse API credentials (Api-Key and Api-Username) by unconditionally sending them to any host specified in a post’s discourse_permalink field during comment synchronization. This information exposure can be exploite...
CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
PT-2025-44710
Name of the Vulnerable Software and Affected Versions WP Discourse plugin for WordPress versions through 2.5.9 Description The WP Discourse plugin for WordPress is susceptible to information disclosure. The plugin unconditionally transmits Discourse API credentials Api-Key and Api-Username header...
CVE-2025-9621
The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmtsync action in the wpcmtrequesthandler function. This makes it possible for unauthenticated...