CVE-2026-3155

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-0718

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

PT-2026-33282

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp shareCount callback function in all versions up to, and including, 5.0.5. This makes it possible for...

PT-2026-33307

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-20180

creationtimestamp| type| source ---|---|--- 2026-04-15 16:21:38+00:00| seen| https://infosec.exchange/users/AAKL/statuses/116409637135769540 2026-04-15 17:18:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkfoj4tgf2w 2026-04-15 17:21:15+00:00| seen|...

CVE-2026-3649

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportalpopupshortcode function is registered as an AJAX handler via wpajaxkatalogportalshortcodePrinter but lacks any capability check currentusercan or nonc...

CVE-2026-1555

creationtimestamp| type| source ---|---|--- 2026-04-15 04:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mjj2qkoar62p 2026-04-15 04:30:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116406840802962869 2026-04-15 05:06:37+00:00| seen|...

CVE-2026-4812

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

WordPress Advanced Custom Fields (ACF®) plugin <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability

Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability discovered by Fernando Mecozzi in WordPress Plugin Advanced Custom Fields versions = 6.7.0...

CVE-2026-4812

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

CVE-2026-4812

The CVE describes a vulnerability in Advanced Custom Fields (ACF) for WordPress, affecting versions up to 6.7.0. The issue arises from AJAX field query endpoints that accept user-supplied filter parameters, which override field-configured restrictions without proper authorization checks. This all...

CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

CVE-2026-34003

creationtimestamp| type| source ---|---|--- 2026-04-15 00:01:55+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqa5my42c 2026-04-15 00:01:59+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqekqju2g 2026-04-19 02:01:28+00:00| seen|...

CVE-2026-34000

creationtimestamp| type| source ---|---|--- 2026-04-15 00:01:54+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqa5my42c 2026-04-15 00:01:58+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u 2026-04-19 02:01:28+00:00| seen|...

CVE-2026-33999

creationtimestamp| type| source ---|---|--- 2026-04-15 00:01:54+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqa5my42c 2026-04-15 00:01:57+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u 2026-04-19 02:01:26+00:00| seen|...

CVE-2026-34001

creationtimestamp| type| source ---|---|--- 2026-04-15 00:01:54+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqa5my42c 2026-04-15 00:01:58+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u 2026-04-19 02:01:28+00:00| seen|...

PT-2026-33003

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields ACF plugin for WordPress versions prior to 6.7.1 Description The plugin contains a flaw where AJAX field query endpoints accept user-supplied filter parameters that override field-configured restrictions without proper...

WordPress Inquiry form to posts or pages plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inqheader' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...

WordPress plugin Advanced Custom Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...