CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure

The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...

The vulnerability of the application programming interface of the Discourse-jira plugin for the Discourse mailing list management software allows a attacker to execute an SSRF attack.

The vulnerability of the application programming interface of the Discourse-jira plugin for the Discourse mailing list management software is related to the implementation of an incorrect control flow. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...