6150 matches found
CVE-2026-6206
The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...
CVE-2026-4812
The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...
CVE-2026-4330
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...
CVE-2026-4019
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...
CVE-2026-40571
NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...
CVE-2025-5088
creationtimestamp| type| source ---|---|--- 2026-06-05 19:26:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnkume56ia2u 2026-06-05 19:50:03+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mnkvvrkemq23 2026-06-06 01:01:18+00:00| seen|...
CVE-2026-35447
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...
CVE-2026-3499
The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajaxmigratetocustomposttype,...
CVE-2026-42755
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through = 1.0.5.1...
CVE-2026-40461
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...
CVE-2026-48020
creationtimestamp| type| source ---|---|--- 2026-06-05 13:08:01+00:00| seen| https://bsky.app/profile/dbt3.ch/post/3mnk7guqlhu2h 2026-06-05 13:35:31+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnkay2lpgr2j 2026-06-05 15:00:01+00:00| seen|...
CVE-2026-10881
creationtimestamp| type| source ---|---|--- 2026-06-05 11:33:52+00:00| seen| https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnk26jjkl62n 2026-06-05 11:33:52+00:00| seen| https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnk26jjkl62n 2026-06-05 13:23:23+00:00| seen|...
CVE-2026-11074
creationtimestamp| type| source ---|---|--- 2026-06-05 11:00:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjycx2u532p 2026-06-05 11:00:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjycx2u532p 2026-06-05 13:24:03+00:00| seen|...
CVE-2026-38978
creationtimestamp| type| source ---|---|--- 2026-06-05 10:19:23+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mnjvzbm7kc22 2026-06-05 10:19:23+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mnjvzbm7kc22 2026-06-05 10:19:24+00:00| seen|...
CVE-2016-8863
creationtimestamp| type| source ---|---|--- 2026-06-05 10:19:08+00:00| seen| https://bsky.app/profile/midnaw.tobskep.com/post/3mnjvyseacs2t 2026-06-05 10:19:08+00:00| seen| https://bsky.app/profile/midnaw.tobskep.com/post/3mnjvyseacs2t...
CVE-2026-11118
creationtimestamp| type| source ---|---|--- 2026-06-05 10:02:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjv3mr2ng2k 2026-06-05 10:02:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjv3mr2ng2k 2026-06-05 13:24:10+00:00| seen|...
CVE-2026-11117
creationtimestamp| type| source ---|---|--- 2026-06-05 10:02:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjv3g4tmw2k 2026-06-05 10:02:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjv3g4tmw2k 2026-06-05 13:24:10+00:00| seen|...
CVE-2026-11125
creationtimestamp| type| source ---|---|--- 2026-06-05 10:02:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjv37jabq2n 2026-06-05 10:02:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjv37jabq2n 2026-06-05 13:24:11+00:00| seen|...
CVE-2026-43965
creationtimestamp| type| source ---|---|--- 2026-06-05 09:52:49+00:00| seen| https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p 2026-06-05 10:19:37+00:00| seen| https://bsky.app/profile/janvhs.com/post/3mnjvzqchfk2a 2026-06-05 10:19:37+00:00| seen|...
CVE-2026-32685
creationtimestamp| type| source ---|---|--- 2026-06-05 09:52:49+00:00| seen| https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p 2026-06-05 09:52:49+00:00| seen| https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p 2026-06-05 10:19:37+00:00| seen|...