6196 matches found
CVE-2025-46653
creationtimestamp | type | source
---|---|---
2025-04-26 21:09:40+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13587
2025-04-26 21:37:10+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnqow6bsi772
2025-04-26...
CVE-2025-46520
Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies related-posts-via-taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through <= 1.0.1...
CVE-2025-2811
creationtimestamp | type | source
---|---|---
2025-04-26 07:08:12+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13573
2025-04-26 07:25:43+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnp7eozrama2
2025-04-26...
CVE-2025-23773
Missing Authorization vulnerability in mingocommerce Delete All Posts delele-all allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: from n/a through <= 1.1.1...
CVE-2025-46227
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through <= 1.7.4...
CVE-2025-39549
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Stored XSS. This issue affects Most And Least Read Posts Widget: from n/a through <= 2.5.20...
CVE-2025-39573
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through <= 1.3.10...
CVE-2024-11299
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
CVE-2022-45866
creationtimestamp | type | source
---|---|---
2025-04-25 19:07:26+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13504
2025-07-23 09:54:21+00:00 | seen | https://bsky.app/profile/alysia.au/post/3lumqsp7xdk2x
2025-07-23 09:54:21+00:00 | seen | ...
CVE-2025-32592
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Stored XSS. This issue affects TableOn: from n/a through <= 1.0.3...
CVE-2025-3638
creationtimestamp | type | source
---|---|---
2025-04-25 17:19:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnnq75awk32r
2025-04-25 19:48:21+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114400329815274389
2025-04-26 03:42:03+00:00 | seen | ...
CVE-2025-27308
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmstactics WP Video Posts wp-video-posts allows Reflected XSS. This issue affects WP Video Posts: from n/a through <= 3.5.1...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the updateChannelAction function, which does not sufficiently check user permissions before executing a delete operation. Any user can delete posts containing actions posted by the Playbooks bot. Remediation...
CVE-2025-31324
creationtimestamp | type | source
---|---|---
2025-04-24 17:06:29+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13279
2025-04-24 17:20:18+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114394085290415234
2025-04-24 18:14:38+00:00 | seen | ...
CVE-2025-46520 WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through 1.0.1...
CVE-2025-46520
Technical details about CVE-2025-46520 (affected plugin/version, root cause, exploitability, and fix) are not publicly provided in the supplied documents. Monitor for updates from official sources (NVD, Patchstack, CVE/CVE-List summaries).
CVE-2025-43865
creationtimestamp | type | source
---|---|---
2025-04-24 14:55:19+00:00 | published-proof-of-concept | https://github.com/remix-run/react-router/security/advisories/GHSA-cpj6-fhp6-mr6j
2025-04-25 01:10:55+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13366
2025-04-25...
Mattermost Playbooks fails to properly validate permissions
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without...
CVE-2025-41395
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of servi...