Mattermost doesn't check the create_post channel permission during post edit operations
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the create_post channel permission during post edit operations, which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...
CVE-2025-69236
Raytha CMS is vulnerable to Stored XSS via the FieldValues1.Value parameter in the post editing functionality. An authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. This issue was fixed in version...
EUVD-2025-208699
Raytha CMS is vulnerable to Stored XSS via the FieldValues1.Value parameter in the post editing functionality. An authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. This issue was fixed in version...
CVE-2025-69236 Stored XSS in Raytha CMS
Raytha CMS is vulnerable to Stored XSS via the FieldValues1.Value parameter in the post editing functionality. An authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. This issue was fixed in version...
PT-2026-25689
Raytha CMS is vulnerable to Stored XSS via the FieldValues1.Value parameter in the post editing functionality. An authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. This issue was fixed in version...
CVE-2026-1254 Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API...
CVE-2026-1254
CVE-2026-1254 is not a reserved entry; the connected Patchstack record reports a concrete vulnerability: WordPress plugin “Modula Image Gallery – Photo Grid & Video Gallery” (versions
PT-2025-54438
Name of the Vulnerable Software and Affected Versions: Christopher Churchill versions through 1.0.4. Description: The software contains a flaw related to improper input handling during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject...
GHSA-FF85-QW3H-G9VP Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...
EUVD-2020-11522
Malware in sbrugna...
EUVD-2022-49670
Malicious code in bioql PyPI...
EUVD-2023-57668
Malicious code in bioql PyPI...
CVE-2023-5352
The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpaseditreply function, allowing users to edit posts for which they do not have permission...
CVE-2024-13518 Simple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post Editing
The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.12. This is due to missing or incorrect nonce validation on the 'spsaveeditedpost' function. This makes it possible for unauthenticated attackers to modify a forum po...
WordPress Simple:Press plugin <= 6.10.11 - Cross-Site Request Forgery to Unauthorized Post Editing vulnerability
Cross-Site Request Forgery to Unauthorized Post Editing vulnerability discovered by 20kilograma in WordPress Plugin Simple:Press versions = 6.10.12...