20 matches found
CVE-2026-28281 InstantCMS has Multiple CSRF Vulnerabilities
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
PT-2026-24135
Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 2.18.1 Description: InstantCMS does not properly validate Cross-Site Request Forgery (CSRF) tokens. This allows attackers to perform actions on behalf of a user without their knowledge. Specifically, an attacker could...
BIT-DISCOURSE-2026-27151 Discourse doesn't validate destination topic when moving posts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2026-27151
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2026-27151
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2026-27151
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2026-27151 Discourse doesn't validate destination topic when moving posts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2026-27151 Discourse doesn't validate destination topic when moving posts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2026-27151
Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0 had a validation flaw where move_posts checked only source topic write permissions and did not validate destination topic permissions, allowing TL4 users and category moderators to move posts into topics in categories with read-only or...
EUVD-2026-8890
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
CVE-2026-27151 Discourse doesn't validate destination topic when moving posts
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only checked can_move_posts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
PT-2026-22186
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0 Description: Discourse, an open source discussion platform, had an issue where the move posts action did not properly validate write...
EUVD-2025-3398
Malicious code in bioql PyPI...
CVE-2025-23764
Missing Authorization vulnerability in ujjavaljani Copy Move Posts copy-move-posts. This issue affects Copy Move Posts: from n/a through <= 1.6...
CVE-2025-23764
Missing Authorization vulnerability in ujjavaljani Copy Move Posts copy-move-posts. This issue affects Copy Move Posts: from n/a through <= 1.6...
CVE-2025-23764 WordPress Copy Move Posts plugin <= 1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ujjavaljani Copy Move Posts copy-move-posts. This issue affects Copy Move Posts: from n/a through <= 1.6...
WordPress Copy Move Posts plugin <= 1.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Copy Move Posts versions <= 1.6...
WordPress plugin Copy Move Posts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2025-5073 · Unknown · Copy Move Posts
Name of the Vulnerable Software and Affected Versions: Copy Move Posts versions n/a through 1.6 Description: The issue is related to a lack of authorization in Copy Move Posts, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For versions n/a...
WordPress Batch-Move Posts plugin <= 1.5 - Broken Authentication vulnerability leading to Unauthenticated Stored Cross-Site Scripting (XSS)
Broken Authentication vulnerability leading to Unauthenticated Stored Cross-Site Scripting (XSS) discovered by Noman Riffat in WordPress Batch-Move Posts plugin versions <= 1.5. Solution: Plugin closed. Deactivate and delete...