Lucene search
K

154 matches found

NVD
NVD
added 2026/07/02 10:16 a.m.8 views

CVE-2026-13251

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS0.0082EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 9:32 a.m.17 views

CVE-2026-13251

The CVE-2026-13251 entry concerns the WordPress Perfmatters plugin (

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
OSV
OSV
added 2026/01/31 8:42 a.m.5 views

BIT-DISCOURSE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

7.5CVSS5.9AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/29 9:21 p.m.6 views

CVE-2026-23743

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

7.5CVSS5.9AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 8:7 p.m.7 views

CVE-2026-23743

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/28 8:7 p.m.21 views

CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

6.9CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 8:7 p.m.7 views

EUVD-2026-4861

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 8:7 p.m.12 views

CVE-2026-23743

Summary of CVE-2026-23743 (Discourse) : Prior to versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks to access-restricted resources (private topics/categories/posts/hidden tags) could redirect to URLs containing the resource slug in the Location header or 404 search box, leaking potent...

7.5CVSS5.9AI score0.00245EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/28 8:7 p.m.5 views

CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/12 6:31 a.m.5 views

EUVD-2025-202993

The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.6AI score0.00248EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.1 views

CVE-2025-12783 Premmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update

The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.7AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.10 views

PT-2025-50807

The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.1AI score0.00248EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.13 views

CVE-2025-12372

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 9:30 a.m.7 views

EUVD-2025-197937

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...

4.3CVSS5.3AI score0.00201EPSS
Exploits0References4
NVD
NVD
added 2025/11/18 9:15 a.m.25 views

CVE-2025-12372

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...

4.3CVSS0.00201EPSS
Exploits0References3
CVE
CVE
added 2025/11/18 8:27 a.m.13 views

CVE-2025-12372

The CVE-2025-12372 entry concerns The Permalinks Cascade plugin for WordPress (up to version 2.2). The root cause is Missing Authorization in the handleTPCAdminAjaxRequest path, enabling authenticated users with subscriber-level access and above to perform unauthorized administrative actions (e.g...

4.3CVSS5.4AI score0.00201EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/18 8:27 a.m.5 views

CVE-2025-12372 The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...

4.3CVSS5.4AI score0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 8:27 a.m.9 views

CVE-2025-12372 The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...

4.3CVSS0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47255

Name of the Vulnerable Software and Affected Versions Permalinks Cascade plugin for WordPress versions up to and including 2.2 Description The Permalinks Cascade plugin for WordPress does not properly verify user authorization when performing certain actions. Specifically, the...

4.3CVSS6.2AI score0.00201EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

WordPress plugin Permalinks Cascade 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.5AI score0.00201EPSS
Exploits0References3
Rows per page
Query Builder