CVE-2026-1115

CVE-2026-1115 affects parisneo/lollms prior to 2.2.0. A Stored XSS in create_post allows user-supplied content to be stored in DBPost and later rendered in the Home Feed, potentially executing in victims’ browsers and affecting administrators. Affected component: backend/routers/social/init .py. ...

CVE-2012-4421

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

Design/Logic Flaw

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

CVE-2012-4421

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

CVE-2012-4421

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...