6150 matches found
CVE-2026-41001
creationtimestamp| type| source ---|---|--- 2026-06-11 06:47:07+00:00| seen| https://bsky.app/profile/0.5ritter.de/post/3mnymx7g2722u 2026-06-11 06:49:09+00:00| seen| https://bsky.app/profile/0.5ritter.de/post/3mnyn2l2qo22u...
CVE-2026-40992
creationtimestamp| type| source ---|---|--- 2026-06-11 06:47:07+00:00| seen| https://bsky.app/profile/0.5ritter.de/post/3mnymx7g2722u 2026-06-11 06:49:07+00:00| seen| https://bsky.app/profile/0.5ritter.de/post/3mnyn2l2qo22u 2026-06-11 12:40:06+00:00| seen|...
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication. id: CVE-2019-17671 info: name: WordPress = 5.2.4 - Unauthenticated View Private/Draft Posts author:...
CVE-2026-35273
creationtimestamp| type| source ---|---|--- 2026-06-11 03:02:12+00:00| seen| https://bsky.app/profile/baldanders.info/post/3mnyaf4l2qg2y 2026-06-11 03:02:21+00:00| seen| https://bsky.app/profile/mstdn.baldanders.info/post/3mnyaf7ikomd2 2026-06-11 04:00:15+00:00| seen|...
CVE-2026-44693
creationtimestamp| type| source ---|---|--- 2026-06-11 02:00:47+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mny4xbjy4l27 2026-06-11 03:22:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnybigf6cc2l...
CVE-2026-42558
creationtimestamp| type| source ---|---|--- 2026-06-11 02:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mny4wzvgc72p 2026-06-11 02:55:23+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mny7yw76252o...
EUVD-2026-36139
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...
CVE-2026-53738
creationtimestamp| type| source ---|---|--- 2026-06-10 23:00:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnxsuuqatl2n 2026-06-10 23:42:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnxv7oxlmf2i...
CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...
CVE-2026-53738
CVE-2026-53738 affects the WordPress plugin Copy & Delete Posts, up to version 1.5.4. The vulnerability stems from the cdp_action_handling AJAX handler, where any plugin-enabled non-admin role can invoke every operation, bypassing per-function capability checks. This enables attackers with an ena...
CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...
CVE-2026-9019
creationtimestamp| type| source ---|---|--- 2026-06-10 11:31:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwmf5ckts2r 2026-06-10 18:04:38+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mnxcdurote2a...
CVE-2026-52884
creationtimestamp| type| source ---|---|--- 2026-06-10 11:18:20+00:00| seen| https://bsky.app/profile/hn100.bsky.social/post/3mnwlmv624n2n 2026-06-10 11:19:33+00:00| seen| https://bsky.app/profile/hnws.bsky.social/post/3mnwlpjjr3e22 2026-06-10 11:20:05+00:00| seen|...
CVE-2026-9067
creationtimestamp| type| source ---|---|--- 2026-06-10 11:03:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkswfh3g2u 2026-06-10 12:00:19+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mnwnygdhh62q 2026-06-10 12:00:40+00:00| seen|...
CVE-2026-3018
creationtimestamp| type| source ---|---|--- 2026-06-10 11:00:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwknm5q4p2y 2026-06-10 11:16:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwlkbkl762m 2026-06-10 12:00:23+00:00| seen|...
CVE-2026-8071
creationtimestamp| type| source ---|---|--- 2026-06-10 10:54:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkcoeuvv2r 2026-06-10 12:00:21+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mnwnyiff372t 2026-06-10 12:00:36+00:00| seen|...
CVE-2026-8940
The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...
CVE-2026-8613
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-8613 aThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...