6182 matches found
CVE-2025-12074 Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure
The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...
CVE-2025-12074
The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...
CVE-2025-12074
CVE-2025-12074 affects Context Blog (WordPress theme) up to version 1.2.5, enabling unauthenticated information exposure through context_blog_modal_popup due to insufficient post-access restrictions. Impact is exposure of data from password-protected, private, or draft posts. Public advisories fr...
CVE-2026-23599
creationtimestamp| type| source
---|---|---
2026-02-18 00:16:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf3shdxvmq2v
2026-02-18 01:30:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mf3wl5z6nx2w
2026-02-18 01:30:32+00:00| seen|...
WordPress plugin EventPrime security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
WordPress plugin Blog2Social: Social Media Auto Post & Scheduler security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20219
Name of the Vulnerable Software and Affected Versions
Context Blog theme for WordPress versions through 1.2.5
Description
The Context Blog theme for WordPress is susceptible to information disclosure in versions up to and including 1.2.5. This is due to inadequate restrictions on post inclusion...
PT-2026-20377
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the usp get submitted category function accepting user-submitted category IDs from the POST body...
PT-2026-20387
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 6.4.7. This is due to the tpae create page AJAX handler authorizing users only with current...
CVE-2026-26280
creationtimestamp| type| source
---|---|---
2026-02-17 19:07:11+00:00| published-proof-of-concept| https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-9c88-49p5-5ggf
2026-02-19 21:01:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfaiiph3fr2h...
CVE-2026-0929
creationtimestamp| type| source
---|---|---
2026-02-17 16:13:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf2xhhdjxy2c
2026-02-17 16:13:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf2xhqm46e26...
PT-2026-23532
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.2
OpenClaw versions 2026.1.30 and earlier
Description
When Telegram webhook mode is enabled without a configured webhook secret, the software may accept unauthenticated HTTP POST requests at the Telegram webho...
CVE-2026-2101
creationtimestamp| type| source
---|---|---
2026-02-16 22:34:16+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mez4azsldg26
2026-02-16 22:35:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mez4cgro5n25...
CERTFR-2026-ACT-007
creationtimestamp| type| source
---|---|---
2026-02-16 12:45:50+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mey3eubk2s26
2026-02-16 12:45:54+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116080374524280085
2026-02-16 12:59:54+00:00| seen|...
GHSA-W65C-FVP5-FVC5 Mattermost Plugin Zoom fail to validate user identity and post ownership in the /api/v1/askPMI endpoint
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...
CVE-2026-2517
creationtimestamp| type| source
---|---|---
2026-02-15 14:30:14+00:00| seen| https://infosec.exchange/users/offseq/statuses/116075122781732578
2026-02-15 14:30:16+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mevqqobasx2h
2026-02-15 15:34:34+00:00| seen|...
CVE-2026-1254
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API...
CVE-2026-22892
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...