CVE-2026-0743

The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-32791

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...

CVE-2025-32791

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...

CVE-2025-32791

The CVE-2025-32791 relates to information leakage in the Backstage permission backend (Backstage permission plugin). Affected component: the permission backend’s handling of conditional decisions. Root cause (as described): callers can extract information about conditional decisions returned by t...

GHSA-F8J4-P5CR-P777 Permission policy information leakage in Backstage permission system

Impact A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission backend. If the permission system is not in use or if the installed permission policy does not...

PT-2025-16909

Name of the Vulnerable Software and Affected Versions Backstage permission plugin backend versions prior to 0.6.0 Description A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy...