14 matches found
CVE-2026-35447
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...
GHSA-VH89-RJPH-2G7P baserCMS has an SQL injection vulnerability in its blog post functionality
baserCMS has a SQL injection vulnerability in blog posts. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: Malicious SQL may be executed in blog posts. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page for more information...
PT-2025-43783
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS. This issue affects Query Posts: from n/a through <= 0.3.2...
EUVD-2017-9329
Malware in sbrugna...
CVE-2025-32801
creationtimestamp| type| source
---|---|---
2025-05-28 14:42:56+00:00| seen| https://seclists.org/oss-sec/2025/q2/176
2025-05-28 15:24:20+00:00| seen| https://seclists.org/oss-sec/2025/q2/177
2025-05-28 16:15:52+00:00| seen| https://seclists.org/oss-sec/2025/q2/178
2025-05-28 16:25:37+00:00| seen...
CVE-2024-3275
The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts...
CVE-2025-4171
The WZ Followed Posts – Display what visitors are reading plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wfp' shortcode in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2024-52975
creationtimestamp| type| source
---|---|---
2025-01-22 16:02:59+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113872848727322418
2025-01-23 07:29:56+00:00| seen| https://infosec.exchange/users/cve/statuses/113876493631662291
2025-01-23 08:03:12+00:00| seen|...
CVE-2025-23476
Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts my-related-posts allows Stored XSS. This issue affects my-related-posts: from n/a through <= 1.1...
PT-2024-36316 · Unknown · Linda Macphee-Cobb Category Of Posts
Name of the Vulnerable Software and Affected Versions: Linda MacPhee-Cobb Category of Posts versions n/a through 1.0
Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on...
SQL injection
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit...
SQL injection
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=...
CVE-2021-46458
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...
CVE-2014-0165
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...