PT-2026-34296

Name of the Vulnerable Software and Affected Versions mCatFilter versions prior to 0.5.3 Description The mCatFilter plugin for WordPress is susceptible to Cross-Site Request Forgery. The compute post function, which processes settings updates, lacks nonce verification and capability checks. This...

CVE-2025-12147

In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are misapplied on object-valued fields. An FLS exclusion (for example ~field) removes the object from the _source in search results, but the object’s child attributes remain accessible to queries, enabling potential ...

CVE-2023-23613

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...

CVE-2023-23613 Field-level security issue with .keyword fields in OpenSearch

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...