6093 matches found
CVE-2025-61972
creationtimestamp| type| source
---|---|---
2026-05-13 05:11:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlpk3nswl32n
2026-05-13 05:35:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlplh5jpni2v...
CVE-2025-62624
creationtimestamp| type| source
---|---|---
2026-05-13 05:05:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlpjquxwyp2e
2026-05-13 05:15:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlpkddgxeu2k...
CVE-2025-62623
creationtimestamp| type| source
---|---|---
2026-05-13 04:55:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlpj6xekod2k
2026-05-13 05:00:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlpjhw52sy2n...
CVE-2026-7051
The CVE-2026-7051 entry concerns the Blog2Social WordPress plugin (versions up to 8.9.0) with a Missing Authorization issue. The root cause is missing blog_user_id constraints in B2S_Post_Tools::deleteUserPublishPost() and deleteUserSchedPost(), allowing an authenticated subscriber+ to delete oth...
EUVD-2026-29899
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
CVE-2026-41901
creationtimestamp| type| source
---|---|---
2026-05-13 01:34:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlp5xdbnw42p
2026-05-13 03:10:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlpddjlakx2w...
CVE-2026-42288
creationtimestamp| type| source
---|---|---
2026-05-13 01:30:33+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mlp5qjkhja2g
2026-05-13 01:30:36+00:00| seen| https://infosec.exchange/users/offseq/statuses/116564677807182613
2026-05-13 01:31:22+00:00| seen|...
CVE-2026-44548
creationtimestamp| type| source
---|---|---
2026-05-13 01:21:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlp5am37m42p
2026-05-13 01:23:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlp5eh2e672e
2026-05-13 03:10:31+00:00| seen|...
CVE-2026-44547
creationtimestamp| type| source
---|---|---
2026-05-13 00:00:38+00:00| seen| https://infosec.exchange/users/offseq/statuses/116564324244482665
2026-05-13 00:00:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mloypqjnid2d
2026-05-13 02:00:45+00:00| seen|...
WordPress plugin Custom Twitter Feeds cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-40563
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2S_Post_Tools::deleteUserPublishPost and B2S_Post_Tools::deleteUserSchedPost...
CVE-2026-7474
creationtimestamp| type| source
---|---|---
2026-05-12 23:35:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mloxd4bwoj2q
2026-05-12 23:45:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mloxuz6wa42e...
WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion vulnerability discovered by molten bit in WordPress Plugin Tutor LMS versions <= 3.9.9...
CVE-2026-34258
creationtimestamp| type| source
---|---|---
2026-05-12 14:20:28+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h
2026-05-12 14:25:05+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnykldwtg2c...
CVE-2026-0502
creationtimestamp| type| source
---|---|---
2026-05-12 14:20:27+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h
2026-05-12 14:25:05+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnykldwtg2c...
CVE-2026-27682
creationtimestamp| type| source
---|---|---
2026-05-12 14:20:27+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h
2026-05-12 14:25:05+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnykldwtg2c...
CVE-2026-43939
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output...
CVE-2026-43939 YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output...
CVE-2026-43939
Summary: CVE-2026-43939 affects YetAnotherForum.NET (YAF.NET) prior to 4.0.5 and 3.2.12, where thread posting/reply content is stored and later rendered without proper HTML sanitization or contextual encoding, enabling Stored XSS across the forum. The underlying issue is unsanitized user input in...