15 matches found

CNNVD
added 2025/12/31 12:0 a.m. | 1 views

WordPress plugin Ultimate Post Kit Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security...

5.3 CVSS | 6.3 AI score | 0.00058 EPSS
Exploits 0 | References 1
NVD
added 2025/11/04 5:16 a.m. | 1 views

CVE-2025-12156

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...

4.3 CVSS | 0.00038 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-5816

Malware in sbrugna...

4 CVSS | 6.4 AI score | 0.00152 EPSS
Exploits 0 | References 4
CVE
added 2025/03/25 5:22 a.m. | 73 views

CVE-2025-2224

CVE-2025-2224 affects Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress. The vulnerability arises from a missing capability check in the parse_query function, allowing unauthenticated attackers to update the post_status of any post to 'publish' across al...

5.3 CVSS | 6.8 AI score | 0.00349 EPSS
Exploits 0 | References 5
Vulnrichment
added 2025/03/25 5:22 a.m. | 2 views

CVE-2025-2224 Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. This makes it possible fo...

5.3 CVSS | 5.2 AI score | 0.00349 EPSS
Exploits 0 | References 5
Cvelist
added 2025/03/25 5:22 a.m. | 12 views

CVE-2025-2224 Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. This makes it possible fo...

5.3 CVSS | 0.00349 EPSS
Exploits 0 | References 5
Vulnrichment
added 2025/03/05 11:22 a.m. | 3 views

CVE-2025-1463 Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish

The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to improper nonce validation within the class-wpgsi-show.php script. This makes it possible for unauthenticated attackers to publish arbitrary post...

4.3 CVSS | 6.9 AI score | 0.00158 EPSS
Exploits 0 | References 5
Cvelist
added 2025/03/05 11:22 a.m. | 6 views

CVE-2025-1463 Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish

The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to improper nonce validation within the class-wpgsi-show.php script. This makes it possible for unauthenticated attackers to publish arbitrary post...

4.3 CVSS | 0.00158 EPSS
Exploits 0 | References 5
Hacker One
added 2022/05/31 11:0 a.m. | 9 views

LinkedIn: Improper access control on Linkedin Page

An improper access control vulnerability was discovered on the LinkedIn page, allowing a user with the role of analyst to publish posts even after their role was changed from super admin...

7 AI score
Exploits 0
OSV
added 2016/05/22 1:59 a.m. | 6 views

CVE-2015-5715

The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...

4.3 CVSS | 4.9 AI score | 0.28517 EPSS
Exploits 0 | References 11
OSV
added 2014/06/06 10:27 a.m. | 7 views

MGASA-2014-0254 Updated wordpress package fixes multiple vulnerabilities

Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165). The wp_validate_auth_cookie...

6.4 CVSS | 6 AI score | 0.3531 EPSS
Exploits 0 | References 3
Prion
added 2014/04/10 12:55 a.m. | 20 views

Design/Logic Flaw

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...

4 CVSS | 6.6 AI score | 0.00872 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2014/04/10 12:55 a.m. | 0 views

UBUNTU-CVE-2014-0165

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...

4 CVSS | 5.8 AI score | 0.00872 EPSS
Exploits 0 | References 2
Debian CVE
added 2014/04/09 11:0 p.m. | 29 views

CVE-2014-0165

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...

4 CVSS | 4.5 AI score | 0.00872 EPSS
Exploits 0
Tenable Nessus
added 2013/07/28 12:0 a.m. | 36 views

FreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)

The wordpress development team reports: - Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site - Disallow contributors from improperly publishing posts - An update to the SWFUpload external library to fix cross-site scripting...

4.3 CVSS | 5.2 AI score | 0.01395 EPSS
Exploits 3 | References 9