CVE-2026-2879

The CVE-2026-2879 entry concerns GetGenie (WordPress) plugin

WordPress GetGenie plugin <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Post Overwrite/Deletion vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin GetGenie versions = 4.3.2...

CVE-2026-22193

creationtimestamp| type| source ---|---|--- 2026-03-13 03:00:40+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mgvwdhmewg2r 2026-03-13 03:00:42+00:00| seen| https://infosec.exchange/users/offseq/statuses/116219631142137867 2026-03-18 03:20:09+00:00| seen|...

PT-2026-25177

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through = 1.9.1...

WordPress plugin Advanced Related Posts 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin List category posts 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

PT-2026-25265

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through = 0.93.1...

CVE-2026-32319

creationtimestamp| type| source ---|---|--- 2026-03-12 22:40:05+00:00| seen| https://gist.github.com/alon710/513d69d6cc7cbaf7bac9c0b1746fd288 2026-03-12 22:43:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgvhxyict32z 2026-03-12 23:04:32+00:00| seen|...

CVE-2026-1526

creationtimestamp| type| source ---|---|--- 2026-03-12 20:16:23+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-1526 2026-03-12 20:37:13+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mgvavqinos2f 2026-03-12 21:38:34+00:00| seen|...

CVE-2026-3657

creationtimestamp| type| source ---|---|--- 2026-03-12 20:02:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgv6x2i3kg2u 2026-03-12 20:16:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgv7qauin225 2026-03-20 21:03:04+00:00| seen|...

CVE-2026-32260

creationtimestamp| type| source ---|---|--- 2026-03-12 19:16:06+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-32260 2026-03-12 20:48:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgvbjw2raa2u 2026-03-12 21:40:50+00:00| seen|...

CVE-2026-21670

creationtimestamp| type| source ---|---|--- 2026-03-12 14:10:21+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mgulc3hpkk2q 2026-03-12 15:52:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mguqxuxgfo2e 2026-03-12 16:17:32+00:00| seen|...

CVE-2026-21669

creationtimestamp| type| source ---|---|--- 2026-03-12 14:10:21+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mgulc3hpkk2q 2026-03-12 15:37:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mguq65ejqe2z 2026-03-12 16:17:25+00:00| seen|...

CVE-2026-3917

creationtimestamp| type| source ---|---|--- 2026-03-12 01:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260312 2026-03-12 21:00:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgvca7obhy2v 2026-03-12 21:01:23+00:00|...

SUSE CVE-2025-13767

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

CVE-2026-28281

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...

PT-2026-24598

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha duplicate thing admin action handler. This is due to the can clone method only checking current user can'edit posts' a general capability...

PT-2026-24659

Name of the Vulnerable Software and Affected Versions WordPress versions 6.9 through 6.9.1 Description WordPress core is susceptible to unauthorized access. The Notes feature, introduced in WordPress 6.9, allows for collaborative annotations on posts within the block editor. However, the REST API...

CVE-2026-28281

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...

CVE-2025-41711

creationtimestamp| type| source ---|---|--- 2026-03-10 07:23:01+00:00| seen| https://infosec.exchange/users/certvde/statuses/116203676038306087 2026-03-10 07:24:51+00:00| seen| https://infosec.exchange/users/certvde/statuses/116203682967755268...