6191 matches found
CVE-2025-66398
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-01 17:54:57+00:00 | published-proof-of-concept | https://github.com/SignalK/signalk-server/security/advisories/GHSA-w3x5-7c4c-66p9 |
| 2026-01-01 18:21:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbeypj7h5c2p |
| 2026-01-01... | | |
CVE-2025-68620
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-01 17:54:21+00:00 | published-proof-of-concept | https://github.com/SignalK/signalk-server/security/advisories/GHSA-fq56-hvg6-wvm5 |
| 2026-01-01 20:01:35+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbf6bouxuo2u |
| 2026-01-01... | | |
CVE-2025-14434
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...
CVE-2025-49354
Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS. This issue affects Recent Posts From Each Category: from n/a through <= 1.4...
WordPress User Submitted Posts plugin <= 20251121 - Open Redirection vulnerability
Open Redirection vulnerability discovered by benzdeus in WordPress Plugin User Submitted Posts versions <= 20251121...
CVE-2025-30628
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-31 20:56:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbcqvtpyen2y |
| 2025-12-31 21:00:48+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbcr4nd4cw2u |
| 2026-01-02 08:03:39+00:00 | seen | ... |
CVE-2025-14426
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...
CVE-2025-68996
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel Pro: from n/a through <= 15...
EUVD-2025-205885
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...
CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...
CVE-2025-14434
CVE-2025-14434 affects the WordPress plugin “Ultimate Post Kit Addons for Elementor” (versions prior to 4.0.16). The issue arises from multiple AJAX endpoints (e.g., loadmore posts) that do not verify whether targeted posts are published, enabling an unauthenticated attacker to query arbitrary po...
EUVD-2025-205880
Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category allows Stored XSS. This issue affects Recent Posts From Each Category: from n/a through 1.4...
CVE-2025-49354
Technical details for CVE-2025-49354 are not provided in the supplied documents; no product, vendor, impact, or remediation specifics are disclosed here. Monitor for official updates.
CVE-2025-49354 WordPress Recent Posts From Each Category plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS. This issue affects Recent Posts From Each Category: from n/a through <= 1.4...
PT-2025-54280
Name of the Vulnerable Software and Affected Versions: Mindstien Technologies Recent Posts From Each Category versions 1.4 and earlier. Description: The Recent Posts From Each Category plugin contains a Cross-Site Request Forgery (CSRF) issue and a Stored Cross-Site Scripting (XSS) issue. The CSRF flaw...
PT-2025-54283
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk alex grid loadmore posts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...
WordPress Gosign - Posts Slider Block plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Gosign - Posts Slider Block plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Nishiv - Developer in WordPress Plugin Gosign – Posts Slider Block versions <= 1.1.0...