Lucene search
K

1378 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/18 6:0 a.m.10 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 6:0 a.m.11 views

EUVD-2026-30735

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:0 a.m.23 views

CVE-2026-1631

The CVE-2026-1631 entry affects the Feeds for YouTube WordPress plugin prior to version 2.6.4. The root cause is a missing capability check in the 'actions' function, allowing subscribers and higher roles to perform unauthorized modifications to the plugin’s license key. The impact is license key...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.48 views

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 6:0 a.m.10 views

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

WordPress plugin Feeds for YouTube 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
Circl
Circl
added 2026/05/17 3:0 a.m.15 views

CVE-2026-8725

creationtimestamp| type| source ---|---|--- 2026-05-17 03:00:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116587680874193200 2026-05-17 03:01:57+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mlzen4c7jy2l 2026-05-17 04:47:32+00:00| seen|...

7.5CVSS7.1AI score0.00309EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 5:19 p.m.34 views

DRUPAL-CONTRIB-2026-037

This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no...

9.8CVSS5.8AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 1:16 p.m.18 views

CVE-2026-6177

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS0.00493EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/13 12:29 p.m.9 views

CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS6AI score0.00493EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/13 12:29 p.m.45 views

CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS0.00493EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/13 12:29 p.m.9 views

EUVD-2026-29945

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS6AI score0.00493EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:29 p.m.10 views

CVE-2026-6177

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS6AI score0.00493EPSS
Exploits0References11
CVE
CVE
added 2026/05/13 12:29 p.m.22 views

CVE-2026-6177

The CVE-2026-6177 entry concerns the WordPress plugin Custom Twitter Feeds (versions

7.2CVSS6AI score0.00493EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/05/13 10:53 a.m.13 views

WordPress Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by gidget smith in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.5.4...

7.2CVSS5.8AI score0.00493EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2026/05/13 4:30 a.m.13 views

CVE-2026-44257

creationtimestamp| type| source ---|---|--- 2026-05-13 04:30:34+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mlphsg4x3b23 2026-05-13 04:30:40+00:00| seen| https://infosec.exchange/users/offseq/statuses/116565385652211978...

9.3CVSS5.8AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin Custom Twitter Feeds 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00493EPSS
Exploits0References1
Drupal
Drupal
added 2026/05/13 12:0 a.m.17 views

Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no...

9.8CVSS5.8AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40839

Name of the Vulnerable Software and Affected Versions Date iCal versions 0.0.0 through 4.0.14 Description A missing authorization issue in the Date iCal module, which exports entity date fields as iCal feeds, allows forceful browsing. The module fails to sufficiently check entity or field access...

9.8CVSS5.8AI score0.00369EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:0 p.m.9 views

CVE-2026-44658

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS5.8AI score0.00157EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder