17 matches found
CVE-2026-9676
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...
EUVD-2026-40040
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...
CVE-2026-9676
The vulnerability CVE-2026-9676 affects the F4 Post Tree WordPress plugin prior to 2.0.5. The issue arises because the plugin does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the...
CVE-2026-9676 f4 Post Tree < 2.0.5 - Subscriber+ Arbitrary Post Parent/Menu Order Modification
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...
CVE-2026-9676
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...
EUVD-2025-2781
Malicious code in bioql PyPI...
CVE-2025-22499
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FAKTOR VIER F4 Post Tree f4-tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through = 1.1.18...
CVE-2025-22499
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FAKTOR VIER F4 Post Tree f4-tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through = 1.1.18...
CVE-2025-22499 WordPress F4 Post Tree Plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FAKTOR VIER F4 Post Tree f4-tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through = 1.1.18...
CVE-2025-22499
CVE-2025-22499 is a real, active vulnerability in the F4 Post Tree plugin where improper input neutralization during web page generation allows a reflected Cross-Site Scripting (XSS) attack. Affected range is listed as from n/a through 1.1.18. Red Hat’s entry confirms the same description and imp...
CVE-2025-22499 WordPress F4 Post Tree Plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FAKTOR VIER F4 Post Tree f4-tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through = 1.1.18...
PT-2025-4494 · Unknown · Faktor Vier F4 Post Tree
The vulnerable software is FAKTOR VIER F4 Post Tree, with versions ranging from n/a to 1.1.18. The vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting' XSS, which allows Reflected XSS. This vulnerability can be exploited by attacker...
WordPress plugin F4 Post Tree 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress F4 Post Tree Plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin F4 Post Tree versions = 1.1.18...
WordPress F4 Post Tree Plugin < 1.1.15 is vulnerable to Cross Site Scripting (XSS)
Software F4 Post Tree Type Plugin Vulnerable versions 1.1.15 Fixed in 1.1.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 26798b0a50ec Credits Rafie Muhammad Patchstack Required...
WordPress F4 Post Tree plugin <= 1.1.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress F4 Post Tree plugin versions = 1.1.8. Solution Update the WordPress F4 Post Tree plugin to the latest available version at least 1.1.9...
WordPress F4 Post Tree plugin <= 1.1.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress F4 Post Tree plugin versions = 1.1.8. Solution Update the WordPress F4 Post Tree plugin to the latest available version at least 1.1.9...