Lucene search
K

484 matches found

CNNVD
CNNVD
added 2026/01/24 12:0 a.m.11 views

WordPress plugin VK Google Job Posting Manager has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00248EPSS
Exploits0References4
Circl
Circl
added 2026/01/23 5:18 p.m.4 views

CVE-2026-22978

creationtimestamp| type| source ---|---|--- 2026-01-23 17:18:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md47h24a6q23 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/ 2026-04-02 17:00:00+00:00| seen|...

3.3CVSS5.9AI score0.00117EPSS
Exploits0References7
CVE
CVE
added 2026/01/13 8:38 p.m.43 views

CVE-2026-22869

Eigent’s CVE-2026-22869 affects its CI workflow (.github/workflows/ci.yml) used in the Eigent multi‑agent Workforce. The vulnerability arises from using the pull_request_target trigger in combination with checking out untrusted PR code, enabling arbitrary code execution from fork pull requests wi...

9.8CVSS7.5AI score0.00546EPSS
Exploits1References4Affected Software1
Circl
Circl
added 2026/01/12 1:47 p.m.6 views

CVE-2025-40975

creationtimestamp| type| source ---|---|--- 2026-01-12 13:47:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mca6iutq5f2m...

5.1CVSS5.8AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:50 a.m.7 views

CVE-2009-4232

The Kide Shoutbox comkide component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely...

5CVSS7AI score0.01009EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 8:57 p.m.7 views

GHSA-H5CW-625J-3RXH React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...

6.5CVSS5.5AI score0.00128EPSS
Exploits0References3
NVD
NVD
added 2026/01/07 12:16 p.m.4 views

CVE-2025-13419

The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possibl...

5.3CVSS0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.28 views

CVE-2025-13419 Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion

The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possibl...

5.3CVSS0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/01/07 9:21 a.m.26 views

CVE-2025-13419

CVE-2025-13419 affects the WordPress plugin Guest posting / Frontend Posting / Front Editor – WP Front User Submit. The issue is a missing capability check on the /wp-json/bfe/v1/revert REST endpoint, present in all versions up to 5.0.0, allowing unauthenticated attackers to delete arbitrary medi...

5.3CVSS5.1AI score0.0023EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/06 10:49 p.m.12 views

WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability

WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin = 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin WP Front User Submit / Front Editor versio...

5.3CVSS7AI score0.0023EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/02 6:44 p.m.5 views

EUVD-2026-0757

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

8.3CVSS6AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.5 views

emlog 安全漏洞

emlog is emlog open source a set of PHP and MySQL based CMS website building system. A security vulnerability exists in version 2.5.23 of emlog, the vulnerability stems from the administrator can set the control item, which may lead to users can not be edited or deleted after posting articles...

5.1CVSS6.6AI score0.00204EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.3 views

WordPress plugin Frontend Post Submission Manager Lite – Frontend Posting 安全漏洞

...

5.3CVSS5.8AI score0.00284EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/25 11:20 p.m.24 views

CVE-2025-14913 Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion

The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...

5.3CVSS0.00284EPSS
Exploits0References3
CVE
CVE
added 2025/12/21 2:20 a.m.17 views

CVE-2025-14080

CVE-2025-14080 concerns the WordPress plugin Frontend Post Submission Manager Lite. The vulnerability is due to missing authorization on the fpsml_form_process AJAX action, allowing unauthenticated attackers to modify arbitrary posts by supplying a post_id via the guest posting form. Reported imp...

5.3CVSS5.7AI score0.0024EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/21 2:20 a.m.18 views

CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

5.3CVSS0.0024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.8 views

CVE-2025-68070

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through = 1.2.22...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:31 a.m.6 views

EUVD-2025-203544

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through = 1.2.21...

5.5AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2025/12/16 9:16 a.m.21 views

CVE-2025-68070

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through = 1.2.22...

6.5CVSS0.00133EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:13 a.m.11 views

CVE-2025-68070

CVE-2025-68070 affects VK Google Job Posting Manager plugin for WordPress (

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
Rows per page
Query Builder