6 matches found
Exploit for CVE-2025-54352
CVE-2025-54352 PoC Usage Steps to install and test the Wor...
CVE-2021-24635
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user, such as a subscriber, to call them and 1) Get and search through title and content of Draft post, ...
CVE-2023-1911 Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated user, such as a subscriber, to access draft posts for example...
PT-2023-17333 · WordPress · Blocksy Companion
Name of the Vulnerable Software and Affected Versions: Blocksy Companion WordPress plugin versions prior to 1.8.82
Description: The issue allows any authenticated users, such as subscribers, to access draft posts via a shortcode, because it does not ensure that posts are already public and can be...
PT-2023-16974 · WordPress · Wp Tiles
Name of the Vulnerable Software and Affected Versions: WP Tiles WordPress plugin versions 1.1.2 and earlier
Description: The issue allows any authenticated users, such as subscribers, to retrieve the titles of draft and private posts. An attacker could also retrieve the title of any other type of...
Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated user, such as a subscriber, to access draft posts, for example. Run the below command in the developer console of the web browser while being on the blog as a subscrib...