CVE-2026-7614

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-7614

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-7614 Old Posts Highlighter <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-7614

CVE-2026-7614 affects the WordPress plugin Old Posts Highlighter up to version 1.0.3. The root cause is missing or incorrect nonce validation on the OPH_options function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to update the plugin’s configuration by deceiving a...

WordPress Old Posts Highlighter plugin <= 1.0.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Old Posts Highlighter versions = 1.0.3...

WordPress Delete Posts automatically plugin <= 3.9.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Delete old Posts automatically versions = 3.9.6...

BIT-MASTODON-2026-23961 Mastodon may allow a remote suspension bypass

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...

CVE-2026-23961

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...

Mastodon security vulnerabilities

Mastodon is an open-source social networking server based on ActivityPub. Mastodon has a security vulnerability, which stems from a logical error that allows old posts of suspended users to appear on the timeline. In certain versions, this suspension mechanism may be partially bypassed...

PT-2026-3898

Name of the Vulnerable Software and Affected Versions Mastodon versions 4.2.26 through 4.2.29 Mastodon versions 4.3.13 through 4.3.17 Mastodon versions 4.4.5 through 4.4.11 Mastodon versions 4.5.0 through 4.5.4 Description Mastodon is a social network server that allows administrators to suspend...

CVE-2025-62954

Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through = 9.3.3...

EUVD-2025-35988

Missing Authorization vulnerability in Codeinwp Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through = 9.3.3...

CVE-2025-62954

Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through = 9.3.3...

CVE-2025-62954 WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through = 9.3.3...

CVE-2025-62954 WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through = 9.3.3...

CVE-2025-62954

CVE-2025-62954: Missing Authorization in WordPress Revive Old Posts plugin (

WordPress plugin Revive Old Posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-43829

Missing Authorization vulnerability in Codeinwp Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through = 9.3.3...

WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Revive Old Posts versions = 9.3.3...

EUVD-2022-52004

Malicious code in bioql PyPI...