1378 matches found
CVE-2026-1631
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
EUVD-2026-30735
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2026-1631
The CVE-2026-1631 entry affects the Feeds for YouTube WordPress plugin prior to version 2.6.4. The root cause is a missing capability check in the 'actions' function, allowing subscribers and higher roles to perform unauthorized modifications to the plugin’s license key. The impact is license key...
CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
WordPress plugin Feeds for YouTube 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-8725
creationtimestamp| type| source ---|---|--- 2026-05-17 03:00:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116587680874193200 2026-05-17 03:01:57+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mlzen4c7jy2l 2026-05-17 04:47:32+00:00| seen|...
DRUPAL-CONTRIB-2026-037
This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no...
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
EUVD-2026-29945
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177
The CVE-2026-6177 entry concerns the WordPress plugin Custom Twitter Feeds (versions
WordPress Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by gidget smith in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.5.4...
CVE-2026-44257
creationtimestamp| type| source ---|---|--- 2026-05-13 04:30:34+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mlphsg4x3b23 2026-05-13 04:30:40+00:00| seen| https://infosec.exchange/users/offseq/statuses/116565385652211978...
WordPress plugin Custom Twitter Feeds 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037
This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no...
PT-2026-40839
Name of the Vulnerable Software and Affected Versions Date iCal versions 0.0.0 through 4.0.14 Description A missing authorization issue in the Date iCal module, which exports entity date fields as iCal feeds, allows forceful browsing. The module fails to sufficiently check entity or field access...
CVE-2026-44658
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...