924 matches found
CVE-2026-7636
CVE-2026-7636 affects the WordPress plugin The Slider by Soliloquy – Responsive Image Slider (versions up to and including 2.8.1). The vulnerability is a Sensitive Information Exposure via the REST/profile mechanism (map_meta_cap) that allows authenticated users with subscriber-level access or hi...
EUVD-2026-31416
The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...
CVE-2026-7636
The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...
CVE-2026-9104
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104
The CVE concerns the Draft List plugin for WordPress, affecting all versions up to 2.6.3. It describes a Stored Cross-Site Scripting (XSS) vulnerability in draft post titles caused by insufficient input sanitization and output escaping. Exploitation requires at least author-level access; authenti...
CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
EUVD-2026-31405
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
EUVD-2026-31358
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
PT-2026-42734
The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map meta cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WordPress plugin Slider by Soliloquy 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-42730
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
WordPress plugin Draft List 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-8240
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
CVE-2026-8240
Technical details for CVE-2026-8240 are not publicly provided in the supplied documents. No specific affected components, versions, or fixes are listed. Monitor for updates from Concrete CMS and CVE/NVD sources.
CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
Concrete CMS 访问控制错误漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier contained a access control vulnerability caused by unvalidated page metadata exposure. This vulnerability could lead to the disclosure of titles, paths, descriptions, and...
PT-2026-42562
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Unauthenticated users can access page metadata on any page that has a configured summary template. This allows for the disclosure of private, draft, and restricted pages, leaking information suc...