6151 matches found
CVE-2026-6236
CVE-2026-6236 affects the WordPress plugin Posts map (versions up to and including 0.1.3). The root cause is insufficient input sanitization and output escaping for the 'name' shortcode attribute, leading to Stored Cross-Site Scripting. The vulnerability requires authenticated access at contribu...
CVE-2026-6236 Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2026-6246 Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-6246
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...
Improper Authentication
Mattermost is vulnerable to improper authentication. The vulnerability is due to failure to validate plugin bot identity in reaction forwarding, which allows an attacker to hijack the GitHub reaction feature and make users add reactions to arbitrary GitHub objects via crafted notification posts...
CVE-2026-40343
creationtimestamp| type| source
---|---|---
2026-04-22 02:12:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk2gcftelj2c
2026-04-22 02:15:27+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mk2gh34d43w2...
CVE-2026-41059
creationtimestamp| type| source
---|---|---
2026-04-22 01:19:23+00:00| seen| Telegram/LUR06ONloRlViUIW27ojzHZG9BE33b4Dag-8VffcgXgN8
2026-04-22 02:19:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk2gplkftj2i
2026-04-22 02:24:27+00:00| seen|...
PT-2026-34307
Name of the Vulnerable Software and Affected Versions: Posts map plugin for WordPress versions prior to 0.1.4
Description: Insufficient input sanitization and output escaping on user supplied attributes allow authenticated attackers with contributor-level access and above to inject arbitrary web...
WordPress plugin Posts map cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Simple Random Posts Shortcode cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-6832
creationtimestamp| type| source
---|---|---
2026-04-21 22:37:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk22bewh6y2z
2026-04-21 22:40:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk22ho3kj22i
2026-04-21 22:53:51+00:00| seen|...
CVE-2025-13826
creationtimestamp| type| source
---|---|---
2026-04-21 10:55:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjyt226zkl2e
2026-04-21 10:56:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjyt3xbero2n
2026-04-21 11:16:33+00:00| published-proof-of-concept|...
CVE-2026-31368
creationtimestamp| type| source
---|---|---
2026-04-21 07:26:48+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mjyhfby5pv23
2026-04-21 07:30:34+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mjyhlzy3vh2c
2026-04-21 09:15:10+00:00| seen|...
CVE-2026-42205
creationtimestamp| type| source
---|---|---
2026-04-20 20:37:36+00:00| published-proof-of-concept| https://github.com/avo-hq/avo/security/advisories/GHSA-qc5p-3mg5-9fh8
2026-05-08 22:28:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlerpne5yd2r
2026-05-08 22:29:00+00:00...
CVE-2026-2986
The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'otherattributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-26944
creationtimestamp| type| source
---|---|---
2026-04-20 17:21:45+00:00| seen| Telegram/7kKxZY5KjVtNNq82uAZn6qPfMFkWsKJQXsAec31tFmY88
2026-04-20 18:24:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjx3nq4or32c
2026-04-20 18:50:13+00:00| seen|...
CVE-2026-30266
creationtimestamp| type| source
---|---|---
2026-04-20 14:09:49+00:00| seen| https://t.me/bdufstecru/3092
2026-04-20 18:47:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjx4ycn7lz2r
2026-04-20 18:50:20+00:00| seen|...
CVE-2026-6630
creationtimestamp| type| source
---|---|---
2026-04-20 12:25:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwhlzf3kt2k
2026-04-20 13:16:52+00:00| published-proof-of-concept| Telegram/7GNSW27Y2N6zMsJzLht94-sDuqQRdO09nNnVciVhTSt0Y
2026-04-20 13:22:21+00:00| seen|...
CVE-2026-6603
creationtimestamp| type| source
---|---|---
2026-04-20 07:15:49+00:00| published-proof-of-concept| Telegram/UmvoOoU43UC2jMqfLobJT4zrFIQl61G8LbQOBbZSD5gsLA
2026-04-20 08:19:27+00:00| seen| https://bsky.app/profile/basefortify.bsky.social/post/3mjvzuaeas22y
2026-04-20 08:19:27+00:00| seen|...