6189 matches found
WordPress AJAX Hits Counter + Popular Posts Widget plugin <= 0.10.210305 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin AJAX Hits Counter + Popular Posts Widget versions = 0.10.210305...
CVE-2025-12129
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...
CVE-2025-68121
creationtimestamp| type| source ---|---|--- 2026-01-17 18:48:47+00:00| seen| https://seclists.org/oss-sec/2026/q1/83 2026-01-17 18:51:14+00:00| seen| https://seclists.org/oss-sec/2026/q1/84 2026-01-17 20:13:06+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mcngeykb6u27 2026-01-...
CVE-2026-21623
Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...
CVE-2025-34451
creationtimestamp| type| source ---|---|--- 2026-01-17 12:06:13+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mcml6ev6c32v 2026-01-17 13:39:19+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mcmqeuwkfo2r...
CVE-2026-0913
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
EUVD-2026-3147
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...
CVE-2025-12129 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...
CVE-2025-12129
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...
CVE-2025-12129
CVE-2025-12129 affects the CubeWP – All-in-One Dynamic Content Framework WordPress plugin (versions up to and including 1.1.27). Unauthenticated attackers can exfiltrate data from password-protected, private, or draft posts via the REST endpoints /cubewp-posts/v1/query-new and /cubewp-posts/v1/qu...
CVE-2025-15527
The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the apigetpostsummary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-12002
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
CVE-2025-12002
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
EUVD-2026-3158
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
SUSE CVE-2017-18898
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...
PT-2026-3336
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby check wp submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it...
PT-2026-3353
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...
CVE-2025-69581
creationtimestamp| type| source ---|---|--- 2026-01-16 23:02:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl7ejtlbs2b 2026-01-16 23:52:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mclc6zk6gh2k...
CVE-2026-23800
creationtimestamp| type| source ---|---|--- 2026-01-16 22:00:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl3whskkc2v 2026-01-16 22:00:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl3wrinfk2v 2026-01-16 23:57:51+00:00| seen|...
CVE-2026-21623
Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...