4 matches found
CVE-2026-22203
wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...
CVE-2026-22203
wpDiscuz before 7.6.47 has an information disclosure vulnerability: exporting plugin options as JSON can leak plaintext OAuth secrets (e.g., fbAppSecret, googleClientSecret, twitterAppSecret, and other social-login credentials) via support tickets, backups, or version control repositories. The CV...
CVE-2025-12098
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...
Secret Sister scam returns in time for Christmas
The festive season may be imminent, but it’s a Facebook Secret Sister not Santa you have to steer clear of. Secret Sister has been a mainstay of Yuletide scams since at least 2015, and has come back around once more. But what is it? Your office probably has a Secret Santa scheme in place. You dra...