6204 matches found
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, which lets unauthenticated users view certain content; exploitation requires no authentication. id: CVE-2019-17671 info: name: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts author:...
WordPress Simple Job Board - Unauthorized Data Access
The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...
Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2026-46548
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather th...
WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions <= 5.0.11...
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
CVE-2025-66336

creationtimestamp | type | source
---|---|---
2026-06-22 05:11:18+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mou4q3l4li2d
2026-06-22 11:50:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mouszmlsfm2j
2026-06-23 02:30:32+00:00 | seen | ...

CVE-2016-5681

creationtimestamp | type | source
---|---|---
2026-06-22 03:33:58+00:00 | seen | https://bsky.app/profile/ahmandonk.bsky.social/post/3motxbzt5uj2u
2026-06-22 08:01:23+00:00 | seen | https://bsky.app/profile/potato.software/post/3mouga7voxc2f
2026-06-22 08:01:23+00:00 | seen | ...

CVE-2025-71357

creationtimestamp | type | source
---|---|---
2026-06-21 16:28:41+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3moss4gcist27
2026-06-21 17:23:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mosv6sga2a2k...

CVE-2026-12786

creationtimestamp | type | source
---|---|---
2026-06-21 09:00:27+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116787277091790305
2026-06-21 11:45:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moscbep5rm2n...

CVE-2026-12780

creationtimestamp | type | source
---|---|---
2026-06-21 06:00:27+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3moroz2af4t2o
2026-06-21 06:00:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116786569196289935
2026-06-22 12:39:57+00:00 | seen | ...

CVE-2026-11912

creationtimestamp | type | source
---|---|---
2026-06-20 11:59:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mopsmtdged2h
2026-06-20 12:00:31+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mopsnvc2xj2l
2026-06-20 12:00:39+00:00 | seen | ...

CVE-2026-56082

creationtimestamp | type | source
---|---|---
2026-06-19 23:24:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mooifngnaj2q
2026-06-20 01:01:13+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3moonsslcpx2x...

CVE-2026-50559

creationtimestamp | type | source
---|---|---
2026-06-19 20:57:38+00:00 | seen | https://bsky.app/profile/suriq.io/post/3mooa7iyulz2r
2026-06-19 22:18:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mooeqikk4j2g...

CVE-2026-7515

creationtimestamp | type | source
---|---|---
2026-06-19 09:00:30+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3momy567jwx2t
2026-06-19 09:00:34+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116775952596013865
2026-06-22 00:39:28+00:00 | seen | ...

CVE-2026-9013
CVE-2026-9013 affects the WordPress Bogo plugin (
EUVD-2026-37983
The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...
CVE-2026-54219
UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...
CVE-2026-54219 Stored XSS in UBB.threads
UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...
EUVD-2026-37882
UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...