Lucene search
K

9 matches found

EUVD
EUVD
added 2026/03/11 12:31 p.m.6 views

EUVD-2026-11134

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References4
NVD
NVD
added 2026/03/11 10:16 a.m.4 views

CVE-2026-3906

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS0.00305EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 10:16 a.m.2 views

DEBIAN-CVE-2026-3906

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.4AI score0.00305EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/11 10:16 a.m.11 views

CVE-2026-3906

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/11 9:25 a.m.3 views

CVE-2026-3906

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.3AI score0.00305EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/11 9:25 a.m.5 views

CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References3
CVE
CVE
added 2026/03/11 9:25 a.m.326 views

CVE-2026-3906

CVE-2026-3906 affects WordPress core (versions 6.9–6.9.1). The vulnerability resides in the REST API endpoint used by the block editor's Notes feature, where create_item_permissions_check() does not verify that the authenticated user has edit_post permission on the target post when creating a not...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References3
NVD
NVD
added 2026/02/18 11:16 a.m.11 views

CVE-2026-1942

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2scurationdraft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies...

6.5CVSS0.00336EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/18 10:20 a.m.7 views

CVE-2026-1942

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2scurationdraft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies...

6.5CVSS5.7AI score0.00336EPSS
Exploits0References5
Rows per page
Query Builder