Lucene search

14 matches found

Veracode
added 2026/02/18 10:9 a.m. · 3 views

Improper Access Control

misskey-js is vulnerable to improper access control. The vulnerability is due to insufficient authorization checks when exporting posts, which allows an attacker without permission to export posts and view favorites or clips they should not be able to access...

7.1 CVSS · 5.5 AI score · 0.00047 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2025/12/16 12:16 a.m. · 2 views

CVE-2025-66402

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can export the posts and view the contents. Version 2025.12.0 fixes the issue...

7.1 CVSS · 0.00047 EPSS
Exploits: 1 · References: 2
CNNVD
added 2025/12/16 12:0 a.m. · 1 views

Misskey Security Vulnerability

Misskey is a permanently free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 13.0.0-beta.16 through versions prior to 2025.12.0, which stems from a participant who does not have permission to view favorites or clips being...

7.1 CVSS · 6.4 AI score · 0.00047 EPSS
Exploits: 1 · References: 3
CNVD
added 2025/07/30 12:0 a.m. · 2 views

WordPress hiWeb Export Posts Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress hiWeb Export Posts, which stems from missing or incorrect random number validation, and can be exploited by a...

8.1 CVSS · 7 AI score · 0.01308 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/07/24 9:22 a.m. · 4 views

CVE-2025-7640 hiWeb Export Posts <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File Deletion

The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect nonce validation on the tool-dashboard-history.php file. This makes it possible for unauthenticated attackers to delete...

8.1 CVSS · 0.01308 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/07/24 12:0 a.m. · 0 views

PT-2025-30653 · WordPress · Hiweb Export Posts

Name of the Vulnerable Software and Affected Versions: hiWeb Export Posts plugin for WordPress versions up to and including 0.9.0.0
Description: The hiWeb Export Posts plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...

8.1 CVSS · 7.6 AI score · 0.01308 EPSS
Exploits: 0 · References: 3
CNNVD
added 2025/07/24 12:0 a.m. · 1 views

WordPress plugin hiWeb Export Posts Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress hiWeb Export Posts, which stems from missing or incorrect random number validation, and can be exploited by a...

8.1 CVSS · 6.8 AI score · 0.01308 EPSS
Exploits: 0 · References: 3
CNNVD
added 2025/03/27 12:0 a.m. · 1 views

WordPress plugin Export All Posts, Products, Orders, Refunds & Users Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...

9.8 CVSS · 8.6 AI score · 0.00539 EPSS
Exploits: 0 · References: 4
NVD
added 2024/01/15 4:15 p.m. · 14 views

CVE-2023-5905

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

8.1 CVSS · 8 AI score · 0.0022 EPSS
Exploits: 2 · References: 1
OSV
added 2024/01/15 4:15 p.m. · 0 views

CVE-2023-5905

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

8.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Cvelist
added 2024/01/15 3:10 p.m. · 18 views

CVE-2023-5905 DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

8.1 AI score · 0.0022 EPSS
Exploits: 2 · References: 1
CNNVD
added 2024/01/15 12:0 a.m. · 3 views

WordPress Plugin DeMomentSomTres WordPress Export Posts With Images Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin DeMomentSomTres WordPress...

8.1 CVSS · 6.8 AI score · 0.0022 EPSS
Exploits: 2 · References: 2
CNNVD
added 2023/11/30 12:0 a.m. · 1 views

WordPress Plugin Export All Posts, Products, Orders, Refunds & Users Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

7.5 CVSS · 6.1 AI score · 0.00348 EPSS
Exploits: 0 · References: 1
Patchstack
added 2023/07/19 12:0 a.m. · 8 views

WordPress DeMomentSomTres WordPress Export Posts With Images Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software: DeMomentSomTres WordPress Export Posts With Images · Type: Plugin · Vulnerable versions: <= 2.5 · Fixed in: 20200610 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-33999 · Patch priority: High · CVSS severity: High 7.1 · PSID: 568a0722ed5e · Credits...

6 AI score
Exploits: 0 · References: 2 · Affected Software: 1