6152 matches found
CVE-2026-3005 List category posts <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-40116

creationtimestamp| type| source
---|---|---
2026-04-09 10:01:39+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mc7
2026-04-09 23:30:43+00:00| seen| Telegram/1cCualjPQDoYUsDnolnQpk7NGC4b1xwJPWps9hRWMxLLCE
2026-04-10 06:11:40+00:00|...

CVE-2026-40113

creationtimestamp| type| source
---|---|---
2026-04-09 10:01:26+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-fvxx-ggmx-3cjg
2026-04-09 23:30:43+00:00| seen| Telegram/1cCualjPQDoYUsDnolnQpk7NGC4b1xwJPWps9hRWMxLLCE
2026-04-10 01:15:31+00:00|...

CVE-2026-34177

creationtimestamp| type| source
---|---|---
2026-04-09 07:11:55+00:00| published-proof-of-concept| https://github.com/canonical/lxd/security/advisories/GHSA-fm2x-c5qw-4h6f
2026-04-09 10:18:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mj2lf2ld5q2m
2026-04-09...

CVE-2026-34178

creationtimestamp| type| source
---|---|---
2026-04-09 07:11:17+00:00| published-proof-of-concept| https://github.com/canonical/lxd/security/advisories/GHSA-q96j-3fmm-7fv4
2026-04-09 10:18:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mj2lfcfidj2s
2026-04-09...

CVE-2025-13926

creationtimestamp| type| source
---|---|---
2026-04-09 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01
2026-04-09 20:55:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3oz6effv2q
2026-04-09 21:10:36+00:00| seen|...

CVE-2026-4436

creationtimestamp| type| source
---|---|---
2026-04-09 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02
2026-04-09 21:22:41+00:00| published-proof-of-concept| Telegram/3Mh7UNYEFXpMlnqwZliCqvVomRJKwd1lMrCq1dUb7HxJoTM
2026-04-09 21:37:12+00:00| seen|...

CVE-2026-39863

creationtimestamp| type| source
---|---|---
2026-04-09 01:27:07+00:00| seen| Telegram/CihYo3BrEf6YGxiGwCEATnWAB3StjZgrXU02lSezsa6vAg
2026-04-09 07:00:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mj2acu2yva2x
2026-04-09 07:00:56+00:00| seen|...

EUVD-2026-20783
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
WordPress plugin List category posts cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2026-5711
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2026-5711 Post Blocks & Tools <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2026-40070

creationtimestamp| type| source
---|---|---
2026-04-08 21:00:05+00:00| published-proof-of-concept| https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j
2026-04-09 19:23:14+00:00| seen| Telegram/Y2UpQC9zCL6PqNfAxsSoQJ7YUumR5oW0JI3RILB7SgtOVH4
2026-04-09 21:00:08+00:00|...

CVE-2026-40088

creationtimestamp| type| source
---|---|---
2026-04-08 20:29:05+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2763-cj5r-c79m
2026-04-09 20:52:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3osk6xzy22
2026-04-09...

CVE-2026-33229

creationtimestamp| type| source
---|---|---
2026-04-08 16:00:21+00:00| seen| https://infosec.exchange/users/offseq/statuses/116369917209946972
2026-04-08 16:00:23+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3miynznv7la2f
2026-04-08 17:17:30+00:00| seen|...

EUVD-2026-20125
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id' parameter belongs to...
EUVD-2026-20058
The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access drafts/scheduled/pending posts...
CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id' parameter belongs to...