CVE-2026-4338

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

CVE-2026-5169

CVE-2026-5169 concerns the WordPress plugin “Inquiry Form to Posts or Pages” (versions

CVE-2026-4338

CVE-2026-4338 (ActivityPub Routing

CVE-2026-4338 ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

CVE-2026-4338 ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

CVE-2026-3513 TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableonbutton' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes...

PT-2026-31473

The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

WordPress plugin Blog2Social: Social Media Auto Post & Scheduler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin TableOn – WordPress Posts Table Filterable 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-31109

Name of the Vulnerable Software and Affected Versions Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.8.3 Description The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is susceptible to authorization bypass. This occurs...

PT-2026-31089

CVE-2026-4338 The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts https://t.co/WVixohTZmU...

Code-Projects Easy Blog Site 代码注入漏洞

Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Version 1.0 of code-projects Easy Blog Site has a code injection vulnerability, which stems from the handling of the parameter postTitle in the file posts/update.php. This vulnerability may lead to...

WordPress plugin ActivityPub 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Inquiry form to posts or pages plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Form Header Field vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...

CVE-2026-4788

creationtimestamp| type| source ---|---|--- 2026-04-07 16:16:41+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4788 2026-04-08 03:16:41+00:00| seen| Telegram/dROJOrCDMnkwqXhb9-Y-ghLBhlUA50W24DQUefxFEp990g8 2026-04-08 04:48:38+00:00| seen|...

CVE-2026-5627

creationtimestamp| type| source ---|---|--- 2026-04-07 14:30:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mivyjoek5x26 2026-04-07 14:30:22+00:00| seen| https://infosec.exchange/users/offseq/statuses/116363900721699665 2026-04-07 14:44:48+00:00| seen|...

CVE-2026-31842

creationtimestamp| type| source ---|---|--- 2026-04-07 12:18:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mivr5irynv2p 2026-04-07 12:18:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mivr5s6skm2s 2026-04-07 13:16:15+00:00|...

CVE-2026-34896

creationtimestamp| type| source ---|---|--- 2026-04-07 10:10:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mivjymbw6f2s 2026-04-07 10:30:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mivl4qvjwe2n 2026-04-07 13:55:24+00:00| seen|...

BIT-DISCOURSE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content was exposed, only metadata about who read the post...

CVE-2026-5465

creationtimestamp| type| source ---|---|--- 2026-04-07 08:01:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mivcqtypg327 2026-04-07 09:15:25+00:00| seen| Telegram/UjrnvOa2JLE3qzXsFYe7vk49vQcInvR-SenKatBboIQ7n94 2026-04-07 09:37:20+00:00| seen|...