
6191 matches found

OSV
added 2025/12/24 8:15 a.m., 4 views

CVE-2025-13767

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

4.3 CVSS, 6.5 AI score
Exploits: 0, References: 1
Cvelist
added 2025/12/24 8:1 a.m., 28 views

CVE-2025-13767 Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

4.3 CVSS, 0.00165 EPSS
Exploits: 0, References: 1
CVE
added 2025/12/24 8:1 a.m., 11 views

CVE-2025-13767

Mattermost Jira plugin vulnerability (CVE-2025-13767): versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x

4.3 CVSS, 6.2 AI score, 0.00165 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/12/24 8:1 a.m., 3 views

CVE-2025-13767 Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

4.3 CVSS, 6.2 AI score, 0.00165 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/12/24 12:0 a.m., 4 views

WordPress plugin User Submitted Posts security vulnerability

WordPress User Submitted Posts plugin is a WordPress plugin that allows website visitors to submit post content via a front-end form that includes features such as title, tags, categories, author information, URL, body text and image uploads. WordPress User Submitted Posts plugin suffers from an...

4.7 CVSS, 6.7 AI score, 0.00475 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/12/24 12:0 a.m., 2 views

PT-2025-53081

Name of the Vulnerable Software and Affected Versions: Jeff Starr User Submitted Posts versions prior to and including 20251121. Description: The software contains an Open Redirect issue, allowing for potential phishing attacks. This occurs due to a redirection to an untrusted site. Recommendations...

6.1 CVSS, 6.6 AI score, 0.00475 EPSS
Exploits: 0, References: 5
Circl
added 2025/12/23 10:26 p.m., 3 views

CVE-2025-15047

creationtimestamp | type | source
--- | --- | ---
2025-12-23 22:26:31+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115771230864366071
2025-12-23 22:50:10+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/115771323829528233
2025-12-24 01:44:31+00:00 | seen | ...

10 CVSS, 9.5 AI score, 0.01096 EPSS
Exploits: 1, References: 6
Circl
added 2025/12/23 8:48 p.m., 3 views

CVE-2021-47736

creationtimestamp | type | source
--- | --- | ---
2025-12-23 20:48:07+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3maomolmw2w2a
2025-12-23 21:26:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3maootcyyq42c...

8.6 CVSS, 5.8 AI score, 0.00926 EPSS
Exploits: 1, References: 2
Circl
added 2025/12/23 4:25 p.m., 4 views

CVE-2025-67108

creationtimestamp | type | source
--- | --- | ---
2025-12-23 16:25:23+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mao5yri6wl2v
2025-12-23 16:25:47+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mao5zjewja27
2025-12-23 16:26:22+00:00 | seen | ...

10 CVSS, 4.8 AI score, 0.00299 EPSS
Exploits: 0, References: 5
Circl
added 2025/12/23 4:25 p.m., 4 views

CVE-2025-67109

creationtimestamp | type | source
--- | --- | ---
2025-12-23 16:25:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mao5ykazuv2p
2025-12-23 16:25:39+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mao5zbor2f2f
2025-12-23 16:26:12+00:00 | seen | ...

10 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 0, References: 4
NVD
added 2025/12/23 12:15 p.m., 3 views

CVE-2025-68548

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Stored XSS. This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.2...

6.5 CVSS, 0.00133 EPSS
Exploits: 0, References: 1
CVE
added 2025/12/23 11:50 a.m., 6 views

CVE-2025-68548

Mode C: The connected Wordfence entry documents an authenticated (Contributor+) Local File Inclusion vulnerability in Responsive Posts Carousel Pro (WordPress plugin) up to version 15.2, CVE-2025-68996, with Patch Status Patched. Updated versions from 15.2+ remediate the issue; CVSS 7.5 (High) in...

6.5 CVSS, 5.9 AI score, 0.00133 EPSS
Exploits: 0, References: 1
EUVD
added 2025/12/23 11:50 a.m., 3 views

EUVD-2025-204786

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro allows Stored XSS. This issue affects Responsive Posts Carousel Pro: from n/a through 15.2...

6.5 CVSS, 5.5 AI score, 0.00133 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/12/23 11:50 a.m., 2 views

CVE-2025-68548 WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Stored XSS. This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.2...

6.5 CVSS, 5.2 AI score, 0.00133 EPSS
Exploits: 0, References: 1
Patchstack
added 2025/12/23 11:49 a.m., 3 views

WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Responsive Posts Carousel Pro versions <= 15.2...

6.5 CVSS, 5.9 AI score, 0.00133 EPSS
Exploits: 0, Affected Software: 1
Circl
added 2025/12/23 10:22 a.m., 4 views

CVE-2025-12934

creationtimestamp | type | source
--- | --- | ---
2025-12-23 10:22:59+00:00 | seen | https://gist.github.com/Darkcrai86/1223d292ad34425b948187905ab30ba2
2025-12-23 10:45:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mankyyzeot2p
2025-12-23 11:32:42+00:00 | seen | ...

8.1 CVSS, 5.8 AI score, 0.00351 EPSS
Exploits: 0, References: 3
Circl
added 2025/12/23 10:3 a.m., 3 views

CVE-2025-14388

creationtimestamp | type | source
--- | --- | ---
2025-12-23 10:03:44+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115768309982804801
2025-12-23 10:03:45+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3manioeubcv2z
2025-12-23 10:22:18+00:00 | seen | ...

9.8 CVSS, 5.8 AI score, 0.00416 EPSS
Exploits: 0, References: 6
Vulnrichment
added 2025/12/23 9:20 a.m., 2 views

CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...

8.1 CVSS, 4.8 AI score, 0.00351 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2025/12/23 12:0 a.m., 4 views

PT-2025-52748

Name of the Vulnerable Software and Affected Versions: Responsive Posts Carousel Pro versions through 15.2. Description: An issue exists in WebCodingPlace Responsive Posts Carousel Pro that allows for Stored Cross-site Scripting (XSS). This occurs due to improper neutralization of input during web pag...

6.5 CVSS, 6.1 AI score, 0.00133 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/12/23 12:0 a.m., 2 views

WordPress plugin Responsive Posts Carousel Pro cross-site scripting vulnerability

...

6.5 CVSS, 5.8 AI score, 0.00133 EPSS
Exploits: 0, References: 2