WordPress plugin Category Posts Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

PT-2024-30380 · Unknown · Kodex Posts Likes

Name of the Vulnerable Software and Affected Versions: Kodex Posts likes versions through 2.5.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows Reflected XSS. Recommendations: For versions throug...

WordPress Kodex Posts likes plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dmitriy Prokhorov Patchstack Alliance in WordPress Plugin Kodex Posts likes versions = 2.5.0...

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to inadequate validation when shared channels are enabled, allowing an attacker to create, update, or delete arbitrary posts in arbitrary channels...

CVE-2024-6158 Category Posts Widget (Free < 4.9.17, Pro < 4.9.13) - Admin+ Stored XSS

The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high...

CVE-2024-6158

The CVE-2024-6158 issue affects two WordPress widgets: Category Posts Widget (plugins) up to version 4.9.17, and Term-and-Category-Based-Posts-Widget up to 4.9.13. Root cause: both fail to validate and escape certain Category Posts widget settings before echoing them in a page/post, enabling stor...

WordPress Kodex Posts likes Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Kodex Posts likes Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43217 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf6b6f9c8273 Credits Dmitriy Prokhorov Required...

PT-2024-37420 · WordPress · Category Posts Widget +1

Name of the Vulnerable Software and Affected Versions: Category Posts Widget WordPress plugin versions prior to 4.9.17 term-and-category-based-posts-widget WordPress plugin versions prior to 4.9.13 Description: The issue concerns the failure to validate and escape certain "Category Posts" widget...

GO-2024-3023 Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server

Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server...

CVE-2024-6709

The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...

Mattermost allows remote actor to create/update/delete posts in arbitrary channels

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVE-2024-41144 Malicious remote can create/update/delete arbitrary posts in arbitrary channels

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVE-2024-41144 Malicious remote can create/update/delete arbitrary posts in arbitrary channels

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from a failure to properly validate synchronized posts when shared channels are enabled, which allows a malicious remote user to...

PT-2024-29293 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Description: The issue arises from the failure to properly validate synced posts...

CVE-2024-40812

creationtimestamp| type| source ---|---|--- 2024-07-30 02:21:19+00:00| seen| https://t.me/cvedetector/1966 2025-03-14 17:49:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7615 2025-07-15 04:32:33+00:00| seen| https://bsky.app/profile/lizp.bsky.social/post/3lty33vrqss2d 2025-07-15...

WordPress Inline Related Posts plugin < 3.8.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Inline Related Posts versions 3.8.0...

CVE-2024-6487

The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6487 Inline Related Posts < 3.8.0 - Admin+ Stored XSS

The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-37661 · WordPress · Inline Related Posts

Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin versions prior to 3.8.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...