89 matches found
EUVD-2026-29899
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
CVE-2026-3155 OneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id'
The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-4573
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...
EUVD-2026-14363
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...
CVE-2026-4573
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...
CVE-2026-4573 SourceCodester Simple E-learning System HTTP GET Parameter delete_post.php sql injection
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...
CVE-2026-4573
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...
Simple E-Learning System SQL注入漏洞
Simple E-Learning System is a simple e-learning system developed by Carlo Montero. Version 1.0 of Simple E-Learning System has a SQL injection vulnerability. This vulnerability arises from improper handling of the postid parameter in the HTTP GET Parameter Handler component located in the file...
PT-2026-27050
Name of the Vulnerable Software and Affected Versions SourceCodester Simple E-learning System version 1.0 Description A security issue exists in SourceCodester Simple E-learning System 1.0. The issue is related to SQL injection within the /includes/form handlers/delete post.php file, specifically...
CVE-2026-2083
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /deletepost.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...
CVE-2026-2083
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /deletepost.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...
CVE-2026-2083
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /deletepost.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...
CVE-2026-2083 code-projects Social Networking Site delete_post.php sql injection
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /deletepost.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...
CVE-2026-2083 code-projects Social Networking Site delete_post.php sql injection
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /deletepost.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...
CVE-2026-2083
CVE-2026-2083 affects code-projects Social Networking Site 1.0. The flaw is in the unknown function of the file /delete_post.php ; manipulating the ID argument yields an SQL injection . It is remotely exploitable and the exploit has been publicly released. Multiple sources (NVD, Red Hat, CVE list...
Code-Projects Social Networking Site SQL注入漏洞
Code-Projects Social Networking Site is an open-source social networking site developed by Code-Projects. Version 1.0 of Code-Projects Social Networking Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file /deletepost.php, which...
PT-2026-6901
Name of the Vulnerable Software and Affected Versions code-projects Social Networking Site version 1.0 Description A security flaw exists in code-projects Social Networking Site 1.0. The issue is related to SQL injection in an unknown function within the /delete post.php file. Manipulating the ID...
PT-2026-1761
Name of the Vulnerable Software and Affected Versions User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin versions prior to 4.4.9 Description The plugin is susceptible to a Cross-Site Request Forgery CSRF issu...
CVE-2025-14741
CVE-2025-14741 affects Frontend Admin by DynamiApps (WordPress) up to version 3.28.25. The issue is missing authorization for data deletion via the delete_object path, enabling unauthenticated attackers to delete posts, pages, products, taxonomy terms, and user accounts. Wordfence’s coverage conf...
WordPress Frontend Admin by DynamiApps plugin <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability
Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability discovered by andrea bocchetti in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.25...