CVE-2025-14976
CVE-2025-14976: The WordPress plugin “User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder” is affected by Cross-Site Request Forgery due to missing/incorrect nonce validation in process_row_actions f...
CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...
CVE-2025-14943
CVE-2025-14943 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress. The vulnerability arises from a misconfigured authorization check in getShipItemFullText: it only verifies Subscriber-level read capability and a valid nonce, but does not confirm access permissions for the spec...
CVE-2025-13457
creationtimestamp | type | source
---|---|---
2026-01-10 05:01:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc2a5p4t4g2u
2026-01-10 05:02:58+00:00 | published-proof-of-concept | Telegram/UDMk206lgQvLt4zm60yBzpmxh6GeqSRvdRaLpn90JAOiIEo
2026-01-10 05:19:56+00:00 | seen | ...

CVE-2025-65091
creationtimestamp | type | source
---|---|---
2026-01-10 05:00:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc2a4r3gka2b
2026-01-10 05:02:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc2aahpcx527
2026-01-10 05:02:58+00:00 | ...

CVE-2025-59057
creationtimestamp | type | source
---|---|---
2026-01-10 03:23:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc22opzydx2g
2026-01-10 03:23:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc22plsyrs22
2026-01-10 03:25:05+00:00 | seen | ...

CVE-2026-22595
creationtimestamp | type | source
---|---|---
2026-01-10 03:22:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc22nslknq2t
2026-01-10 03:23:06+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc22ojbnyy2t
2026-01-10 04:02:47+00:00 | ...

CVE-2026-22594
creationtimestamp | type | source
---|---|---
2026-01-10 03:22:35+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc22nlkmkt2z
2026-01-10 03:22:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc22obo6f52p
2026-01-10 04:02:47+00:00 | ...

CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-22697
creationtimestamp | type | source
---|---|---
2026-01-10 01:30:56+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzufwx7vt2v
2026-01-10 01:54:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbzvpoxhg22y
2026-01-10 02:04:17+00:00 | published-proof-of-concept | ...

CVE-2026-21898
creationtimestamp | type | source
---|---|---
2026-01-10 01:26:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbzu5dqnhi2q
2026-01-10 01:31:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzug6qgwq2u
2026-01-10 02:04:07+00:00 | published-proof-of-concept | ...

WordPress plugin Blog2Social security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-15500
creationtimestamp | type | source
---|---|---
2026-01-09 23:00:36+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzlz4zqto2p
2026-01-09 23:01:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzm2cmv4u2f
2026-01-09 23:02:28+00:00 | seen | ...

CVE-2025-67070
creationtimestamp | type | source
---|---|---
2026-01-09 22:39:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbzktodu6e2r
2026-01-09 23:01:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzm2s3tka2v
2026-01-09 23:02:37+00:00 | seen | ...

CVE-2026-0830
creationtimestamp | type | source
---|---|---
2026-01-09 22:00:56+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbziogyzqy2m
2026-01-09 22:07:00+00:00 | seen | Telegram/sbBWfdQsy2QnBSyrchCbfVHeoFEwmnGugyfSbtG1Df5cAwQ
2026-01-09 23:49:41+00:00 | seen | ...

CVE-2025-56425
creationtimestamp | type | source
---|---|---
2026-01-09 19:58:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbttdf6v2t
2026-01-09 19:59:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbupap4v2t...

CVE-2025-67825
creationtimestamp | type | source
---|---|---
2026-01-09 19:58:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbtla2jk2v
2026-01-09 19:59:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbuhkze62u...

CVE-2023-4725
The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve arbitrary post titles and their content, such as draft, private and password-protected ones...
CVE-2017-18585
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal...