114 matches found
CVE-2026-62188
creationtimestamp| type| source ---|---|--- 2026-07-13 23:30:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqktx6xbvt27...
CVE-2026-6801 Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter
The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the contextblogmodalpopup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts...
CVE-2026-6801
The Context Blog theme for WordPress is affected up to version 1.3.5. The vulnerability is an unauthenticated sensitive information exposure via the context_blog_modal_popup, which can let an attacker retrieve the content of password-protected posts. The root cause is exposure through a postID pa...
CVE-2026-38971
creationtimestamp| type| source ---|---|--- 2026-07-03 17:23:28+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpr2rgfqwy2c...
CVE-2026-53226
creationtimestamp| type| source ---|---|--- 2026-07-03 15:51:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqvmqcvp22d...
CVE-2026-56264
creationtimestamp| type| source ---|---|--- 2026-07-01 03:32:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpklg64alo25 2026-07-07 03:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpzmrtboah2b...
EUVD-2026-39189
The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...
CVE-2026-47352
creationtimestamp| type| source ---|---|--- 2026-06-10 13:15:35+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6y5lau2n...
CVE-2025-14481
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...
CVE-2026-41243
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
CVE-2026-5829
A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument postid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-46385
creationtimestamp| type| source ---|---|--- 2026-05-29 21:49:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzjcgcjw427...
CVE-2026-8682
creationtimestamp| type| source ---|---|--- 2026-05-28 11:53:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvxjnpgei2i...
CVE-2025-14481
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...
CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
EUVD-2026-29899
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
CVE-2022-50958
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...
WordPress plugin Jetpack 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-35333
creationtimestamp| type| source ---|---|--- 2026-04-23 14:15:24+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mk675r76zg27 2026-05-14 11:00:13+00:00| published-proof-of-concept| Telegram/KyHCshI6yZBJj8Foftsx5hfP7GLhbMmJ81CYC3g7d-oupU...