347 matches found
CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user...
PT-2026-5211
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.4; Discourse versions prior to 2025.11.2; Discourse versions prior to 2025.12.1; Discourse versions prior to 2026.1.0. Description: Discourse is an open source discussion platform. Permalinks to access-restricted...
CVE-2025-14172
The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpp_trigger_flush_rewrite_rules function hooked to wp_ajax_cwpp_trigger_flush_rewrite_rules. This makes it possible fo...
Exploit for CVE-2025-14172
📄 Nuclei Template for CVE-2025-14172 🚀 Overview This repo...
CVE-2025-14172 WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush
The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpp_trigger_flush_rewrite_rules function hooked to wp_ajax_cwpp_trigger_flush_rewrite_rules. This makes it possible fo...
CVE-2025-14172
The CVE-2025-14172 entry concerns the WP Page Permalink Extension WordPress plugin (affected versions up to and including 1.5.4). The vulnerability is a Missing Authorization issue in the cwpp_trigger_flush_rewrite_rules function tied to the wp_ajax_cwpp_trigger_flush_rewrite_rules AJAX action, e...
CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
CVE-2020-24861
GetSimple CMS 3.3.16 allows persistent Cross-Site Scripting via the 'permalink' parameter on the Settings page, which is executed when you create and open a new page...
CVE-2023-43754
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...
WordPress plugin WP Page Permalink Extension security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1732
Name of the Vulnerable Software and Affected Versions: WP Page Permalink Extension versions prior to 1.5.5. Description: The WP Page Permalink Extension plugin for WordPress is susceptible to a missing authorization issue. This occurs because of a lack of authorization checks within the cwpp trigger...
WordPress WP MultiTasking plugin <= 0.1.12 - Permalink Suffix Update via CSRF vulnerability
Permalink Suffix Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking (versions <= 0.1.12)...
WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update vulnerability
Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update vulnerability discovered by WordFence in WordPress Plugin Premmerce Brands for WooCommerce (versions <= 1.2.13)...
CVE-2025-12783
The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials (Api-Key and Api-Username headers) to any host specified in a post's discourse_permalink custom field...
CVE-2011-10037
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
EUVD-2021-11681
Malware in sbrugna...
EUVD-2017-2325
Malware in sbrugna...
EUVD-2017-2326
Malware in sbrugna...