Lucene search
6200 matches found

Patchstack
added 2025/03/27 11:19 a.m. | 3 views

WordPress WP Posts Carousel plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Posts Carousel versions <= 1.3.7...

CVSS 6.5 | AI score 6.1 | EPSS 0.00252
Exploits 0 | Affected Software 1
ATTACKERKB
added 2025/03/27 11:15 a.m. | 2 views

CVE-2025-30920

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through <= 1.3.7...

CVSS 6.5 | AI score 7.2 | EPSS 0.00252
Exploits 0 | References 3
NVD
added 2025/03/27 11:15 a.m. | 10 views

CVE-2025-30920

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through <= 1.3.7...

CVSS 6.5 | EPSS 0.00252
Exploits 0 | References 1
Vulnrichment
added 2025/03/27 10:55 a.m. | 4 views

CVE-2025-30920 WordPress WP Posts Carousel plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through <= 1.3.7...

CVSS 6.5 | AI score 7.3 | EPSS 0.00252
Exploits 0 | References 1
CVE
added 2025/03/27 10:55 a.m. | 49 views

CVE-2025-30920

CVE-2025-30920 affects the WordPress plugin WP Posts Carousel. A Stored XSS exists due to improper input neutralization during web page generation, impacting the plugin versions up to 1.3.7 (and consistent with subsequent CVE entries indicating a fix in 1.3.8). The vulnerability requires authenti...

CVSS 6.5 | AI score 7.2 | EPSS 0.00252
Exploits 0 | References 1
CNNVD
added 2025/03/27 12:0 a.m. | 2 views

WordPress plugin WP Posts Carousel cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site scripting...

CVSS 6.5 | AI score 8 | EPSS 0.00252
Exploits 0 | References 2
CNNVD
added 2025/03/27 12:0 a.m. | 2 views

WordPress plugin Export All Posts, Products, Orders, Refunds & Users code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...

CVSS 9.8 | AI score 8.6 | EPSS 0.00654
Exploits 0 | References 4
CNNVD
added 2025/03/27 12:0 a.m. | 2 views

WordPress plugin Blog, Posts and Category Filter for Elementor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.5 | AI score 8.1 | EPSS 0.00215
Exploits 0 | References 2
Circl
added 2025/03/26 11:56 p.m. | 4 views

CVE-2025-31160

creationtimestamp | type | source
---|---|---
2025-03-26 23:56:06+00:00 | seen | https://t.me/cvedetector/21243
2025-03-27 02:26:21+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9003
2025-03-27 08:56:35+00:00 | seen | ...

CVSS 2.9 | AI score 5.2 | EPSS 0.00177
Exploits 0 | References 20
Patchstack
added 2025/03/26 10:1 p.m. | 3 views

WordPress Export All Posts, Products, Orders, Refunds & Users plugin <= 2.13 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin WP Ultimate Exporter versions <= 2.13...

CVSS 9.8 | AI score 7.3 | EPSS 0.00654
Exploits 0 | References 1 | Affected Software 1
Circl
added 2025/03/26 6:45 p.m. | 6 views

CVE-2019-9874

creationtimestamp | type | source
---|---|---
2025-03-26 18:45:16+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3llcgyjkq4x2s
2025-03-26 19:05:11+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3llci45jqpj2n
2025-03-26 21:39:21+00:00 | seen | ...

CVSS 9.8 | AI score 7.5 | EPSS 0.83857
In wild | Exploits 1 | References 30
Circl
added 2025/03/26 6:45 p.m. | 21 views

CVE-2019-9875

creationtimestamp | type | source
---|---|---
2025-03-26 18:45:15+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3llcgyim6af2v
2025-03-26 19:05:08+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3llci42bxm52u
2025-03-26 21:39:21+00:00 | seen | ...

CVSS 8.8 | AI score 7.5 | EPSS 0.14154
Exploits 1 | References 26
RedhatCVE
added 2025/03/26 2:23 p.m. | 6 views

CVE-2025-30602

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alphasis Related Posts via Categories related-posts-via-categories allows Stored XSS. This issue affects Related Posts via Categories: from n/a through <= 2.1.2...

CVSS 7.1 | AI score 7.2 | EPSS 0.00258
Exploits 0 | References 1
Github Security Blog
added 2025/03/25 9:31 p.m. | 14 views

Pixelfed may allow unauthorized actor to view private posts and private users

Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance...

CVSS 4.3 | AI score 7 | EPSS 0.0027
Exploits 0 | References 6 | Affected Software 1
Snyk
added 2025/03/25 9:31 p.m. | 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the account visibility settings. An attacker can view and interact with private posts and accounts by leveraging the improper enforcement of access controls. Remediation: Upgrade pixelfed/pixelfed to version...

CVSS 5.3 | AI score 7 | EPSS 0.0027
Exploits 0 | References 2
OSV
added 2025/03/25 9:31 p.m. | 5 views

GHSA-7287-GRHX-542X Pixelfed may allow unauthorized actor to view private posts and private users

Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance...

CVSS 4.3 | AI score 4.5 | EPSS 0.0027
Exploits 0 | References 6
Circl
added 2025/03/25 9:25 p.m. | 27 views

CVE-2025-30741

creationtimestamp | type | source
---|---|---
2025-03-25 21:25:14+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8769
2025-03-25 23:40:33+00:00 | seen | https://t.me/cvedetector/21122
2025-03-26 01:05:15+00:00 | seen | ...

CVSS 4.3 | AI score 4.8 | EPSS 0.0027
Exploits 0 | References 5
Circl
added 2025/03/25 4:43 p.m. | 6 views

CVE-2024-55963

creationtimestamp | type | source
---|---|---
2025-03-25 16:43:16+00:00 | seen | https://bsky.app/profile/r-netsec-bot.bsky.social/post/3ll7ppfyype2q
2025-03-25 17:39:32+00:00 | seen | https://bsky.app/profile/r-netsec.bsky.social/post/3ll7su2ssvy2a
2025-03-25 21:24:36+00:00 | seen | ...

CVSS 6.5 | AI score 5.3 | EPSS 0.25006
Exploits 5 | References 15
CNNVD
added 2025/03/25 12:0 a.m. | 1 views

Pixelfed security vulnerability

Pixelfed is a free and ethical photo sharing platform from the individual developers of Pixelfed. A security vulnerability exists in versions of Pixelfed prior to 0.12.5 that stems from the fact that anyone can follow private accounts on other Fediverse servers and view private posts...

CVSS 4.3 | AI score 6.4 | EPSS 0.0027
Exploits 0 | References 6
Circl
added 2025/03/24 10:23 p.m. | 5 views

CVE-2025-26512

creationtimestamp | type | source
---|---|---
2025-03-24 22:23:43+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8562
2025-03-24 22:48:14+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114219843195697793
2025-03-24 23:40:25+00:00 | seen | ...

CVSS 9.9 | AI score 8.1 | EPSS 0.00637
Exploits 0 | References 22