6182 matches found
CVE-2025-58150
creationtimestamp| type| source ---|---|--- 2026-01-27 11:03:01+00:00| seen| https://seclists.org/oss-sec/2026/q1/117 2026-01-27 12:42:16+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mdfru2qhmm2b 2026-01-27 13:41:11+00:00| seen|...
CVE-2026-23864
creationtimestamp| type| source ---|---|--- 2026-01-26 19:51:27+00:00| seen| https://bsky.app/profile/jviide.iki.fi/post/3mddzei5nh22t 2026-01-26 19:54:19+00:00| seen| https://bsky.app/profile/jviide.iki.fi/post/3mddzjn4yvk2t 2026-01-26 20:14:04+00:00| seen|...
CVE-2025-53086
creationtimestamp| type| source ---|---|--- 2026-01-26 16:57:24+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mddpnbfrlk23 2026-01-26 16:58:37+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mddppcmotk23...
WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability
WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin = 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability discovered by Balamurugan R in WordPress Plugin User Submitted Posts versions = 20251210...
CVE-2025-6461
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
CVE-2025-14797
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14907
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2026-0800
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-6461
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
EUVD-2026-4642
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
CVE-2025-6461
CVE-2025-6461 affects the CubeWP Framework (WordPress) and is due to Information Exposure via the search functionality in class-cubewp-search-ajax-hooks.php. It applies to all versions up to and including 1.1.27, enabling unauthenticated attackers to retrieve data from password-protected, private...
PT-2026-4645
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...
CVE-2026-24596
Cross-Site Request Forgery CSRF vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through = 4.3.2...
CVE-2026-24587
Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through = 0.10.210305...
CVE-2026-1257
creationtimestamp| type| source ---|---|--- 2026-01-24 10:15:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md5ybqmnum2j 2026-01-24 11:35:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md64pynkad23...
CVE-2025-14907
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-14907
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...