6151 matches found
CVE-2026-2578 Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts
Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. Mattermost Advisory ID: MMSA-2026-00579...
CVE-2026-2578
Mattermost (version 11.3.x, affected range up to 11.3.0) has a vulnerability where the redacted state of burn-on-read posts is not preserved during deletion. This allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. CVSS v3.1 base score ...
WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-25759
Mattermost fails to properly enforce read permissions in search API endpoints in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
CVE-2026-2233 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...
CVE-2026-2233
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...
CVE-2026-32633
creationtimestamp | type | source
---|---|---
2026-03-14 14:52:43+00:00 | published-proof-of-concept | https://github.com/nicolargo/glances/security/advisories/GHSA-r297-p3v4-wp8m
2026-03-18 18:41:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhe5b4zree2h
2026-03-18...
CVE-2026-32767
creationtimestamp | type | source
---|---|---
2026-03-14 11:38:42+00:00 | published-proof-of-concept | https://github.com/siyuan-note/siyuan/security/advisories/GHSA-j7wh-x834-p3r7
2026-03-20 01:30:32+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mhhekrmut22c
2026-03-20 01:30:33+00:0...
EUVD-2026-11943
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <= 0.93.1...
EUVD-2026-11802
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1...
CVE-2026-32419
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <= 0.93.1...
CVE-2026-32329
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1...
CVE-2026-32419 WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <= 0.93.1...
CVE-2026-32419
The CVE relates to a DOM-Based XSS in the WordPress plugin List category posts (list-category-posts) up to version 0.93.1, caused by improper neutralization during web page generation. Affected: List category posts; vulnerability type: Cross-Site Scripting (XSS). Impact details are limited to the...
CVE-2026-32419 WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <= 0.93.1...
CVE-2026-32419
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <= 0.93.1...
CVE-2026-32329 WordPress Advanced Related Posts plugin <= 1.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1...
CVE-2026-32329
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1...
CVE-2026-32329
The CVE-2026-32329 entry concerns WordPress plugin Advanced Related Posts (Ays Pro) in the component advanced-related-posts, affected up to version 1.9.1. The root cause is a Missing Authorization/Incorrectly Configured Access Control vulnerability, i.e., Broken Access Control that could enable u...
CVE-2026-32329 WordPress Advanced Related Posts plugin <= 1.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1...