CVE-2025-8091 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

CVE-2025-8091 EventON Lite <= 2.4.6 - Authenticated (Contributor+) Information Disclosure

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

PT-2025-33465 · WordPress · Eventon Lite

Name of the Vulnerable Software and Affected Versions: EventON Lite versions prior to 2.4.7 Description: The EventON Lite plugin for WordPress is vulnerable to Information Exposure in versions prior to 2.4.7 via the add single eventon and add eventon shortcodes. Insufficient restrictions on post...

Malicious code in ava-ilable-down-load-mp3-today-draft-730-s4686-umrmvz (npm)

The package ava-ilable-down-load-mp3-today-draft-730-s4686-umrmvz was found to contain malicious code...

Malicious code in draft-js-mention-plugin-vixlet (npm)

The package draft-js-mention-plugin-vixlet was found to contain malicious code...

Malicious code in draft-js-sticker-plugin-vixlet (npm)

The package draft-js-sticker-plugin-vixlet was found to contain malicious code...

Malicious code in module-draft-js-mention-plugin (npm)

The package module-draft-js-mention-plugin was found to contain malicious code...

Malicious code in test-mlw2-tummy-draft (npm)

The package test-mlw2-tummy-draft was found to contain malicious code...

Malicious code in yandex-lint-draft (npm)

The package yandex-lint-draft was found to contain malicious code...

MAL-2025-26602 Malicious code in module-draft-js-mention-plugin (npm)

The package module-draft-js-mention-plugin was found to contain malicious code...

MAL-2025-18732 Malicious code in draft-js-mention-plugin-vixlet (npm)

The package draft-js-mention-plugin-vixlet was found to contain malicious code...

MAL-2025-36516 Malicious code in test-mlw2-tummy-draft (npm)

The package test-mlw2-tummy-draft was found to contain malicious code...

MAL-2025-40216 Malicious code in yandex-lint-draft (npm)

The package yandex-lint-draft was found to contain malicious code...

MAL-2025-18733 Malicious code in draft-js-sticker-plugin-vixlet (npm)

The package draft-js-sticker-plugin-vixlet was found to contain malicious code...

CVE-2025-8401

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'getpostdata' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive...

DEBIAN-CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

UBUNTU-CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

CVE-2025-54352

CVE-2025-54352 affects WordPress 3.5–6.8.2 and enables remote disclosure of private/draft post titles via pingback.ping XML-RPC requests. A PoC on GitHub demonstrates retrieving the title after sending a pingback to a crafted post. The provided sources confirm the vulnerability but do not specify...

WordPress 安全漏洞

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions 3.5 through 6.8.2, which stems from mishandling of...

Unauthorized Access To Unpublished Page Previews

mautic/core is vulnerable to Unauthorized Access to unpublished page previews. The vulnerability is due to missing authorization checks on predictable preview URLs, allowing unauthenticated users and search engines to access and index draft content...