Lucene search
K

114 matches found

Circl
Circl
added 2 days ago5 views

CVE-2026-62188

creationtimestamp| type| source ---|---|--- 2026-07-13 23:30:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqktx6xbvt27...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-6801 Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter

The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the contextblogmodalpopup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts...

5.3CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 4 days ago19 views

CVE-2026-6801

The Context Blog theme for WordPress is affected up to version 1.3.5. The vulnerability is an unauthenticated sensitive information exposure via the context_blog_modal_popup, which can let an attacker retrieve the content of password-protected posts. The root cause is exposure through a postID pa...

5.3CVSS6.1AI score0.00239EPSS
Exploits0References2
Circl
Circl
added 2026/07/03 5:23 p.m.15 views

CVE-2026-38971

creationtimestamp| type| source ---|---|--- 2026-07-03 17:23:28+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpr2rgfqwy2c...

9.1CVSS5.9AI score0.00482EPSS
Exploits1References1
Circl
Circl
added 2026/07/03 3:51 p.m.12 views

CVE-2026-53226

creationtimestamp| type| source ---|---|--- 2026-07-03 15:51:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqvmqcvp22d...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References1
Circl
Circl
added 2026/07/01 3:32 a.m.10 views

CVE-2026-56264

creationtimestamp| type| source ---|---|--- 2026-07-01 03:32:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpklg64alo25 2026-07-07 03:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpzmrtboah2b...

9.2CVSS5.9AI score0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 9:31 a.m.7 views

EUVD-2026-39189

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...

7.5CVSS6AI score0.00304EPSS
Exploits0References6
Circl
Circl
added 2026/06/10 1:15 p.m.12 views

CVE-2026-47352

creationtimestamp| type| source ---|---|--- 2026-06-10 13:15:35+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6y5lau2n...

5.3CVSS4.9AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.4AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41243

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.4AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5829

A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument postid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

7.5CVSS7AI score0.00254EPSS
Exploits0References1
Circl
Circl
added 2026/05/29 9:49 p.m.14 views

CVE-2026-46385

creationtimestamp| type| source ---|---|--- 2026-05-29 21:49:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzjcgcjw427...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References1
Circl
Circl
added 2026/05/28 11:53 a.m.12 views

CVE-2026-8682

creationtimestamp| type| source ---|---|--- 2026-05-28 11:53:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvxjnpgei2i...

4.3CVSS5.8AI score0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:28 a.m.8 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00288EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/13 4:26 a.m.67 views

CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS0.00409EPSS
Exploits0References14
EUVD
EUVD
added 2026/05/13 4:26 a.m.14 views

EUVD-2026-29899

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/05/13 4:26 a.m.8 views

CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:12 p.m.9 views

CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

6.1CVSS5.9AI score0.00204EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

WordPress plugin Jetpack 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.7AI score0.00204EPSS
Exploits0References1
Circl
Circl
added 2026/04/23 2:15 p.m.8 views

CVE-2026-35333

creationtimestamp| type| source ---|---|--- 2026-04-23 14:15:24+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mk675r76zg27 2026-05-14 11:00:13+00:00| published-proof-of-concept| Telegram/KyHCshI6yZBJj8Foftsx5hfP7GLhbMmJ81CYC3g7d-oupU...

5.7AI score
Exploits3References1
Rows per page
Query Builder