6097 matches found
EUVD-2026-22828
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...
CVE-2026-34063

creationtimestamp| type| source
---|---|---
2026-04-22 20:16:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk4ctsttnv2h
2026-04-22 21:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4fdbxqg62g
2026-04-22 21:21:17+00:00| published-proof-of-concept|...

EUVD-2026-24702
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers...
EUVD-2026-24704
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user-supplied...
CVE-2026-6236
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers...
CVE-2026-41144

creationtimestamp| type| source
---|---|---
2026-04-22 09:00:41+00:00| seen| https://bsky.app/profile/basefortify.bsky.social/post/3mk353s3ayk2c
2026-04-22 09:00:42+00:00| seen| https://bsky.app/profile/basefortify.bsky.social/post/3mk353yb4zk2c
2026-04-22 09:00:42+00:00| seen|...

CVE-2026-6236 Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers...
CVE-2026-6236
CVE-2026-6236 affects the WordPress plugin Posts map (versions up to and including 0.1.3). The root cause is insufficient input sanitization and output escaping for the 'name' shortcode attribute, leading to Stored Cross-Site Scripting. The vulnerability requires authenticated access at contribu...
CVE-2026-6246 Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user-supplied...
CVE-2026-6246
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user-supplied...
Improper Authentication
Mattermost is vulnerable to improper authentication. The vulnerability is due to failure to validate plugin bot identity in reaction forwarding, which allows an attacker to hijack the GitHub reaction feature and make users add reactions to arbitrary GitHub objects via crafted notification posts...
CVE-2026-40343

creationtimestamp| type| source
---|---|---
2026-04-22 02:12:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk2gcftelj2c
2026-04-22 02:15:27+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mk2gh34d43w2...

CVE-2026-41059

creationtimestamp| type| source
---|---|---
2026-04-22 01:19:23+00:00| seen| Telegram/LUR06ONloRlViUIW27ojzHZG9BE33b4Dag-8VffcgXgN8
2026-04-22 02:19:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk2gplkftj2i
2026-04-22 02:24:27+00:00| seen|...

PT-2026-34307
Name of the Vulnerable Software and Affected Versions: Posts map plugin for WordPress versions prior to 0.1.4
Description: Insufficient input sanitization and output escaping on user-supplied attributes allow authenticated attackers with contributor-level access and above to inject arbitrary web...
WordPress plugin Posts map Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Simple Random Posts Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-6832

creationtimestamp| type| source
---|---|---
2026-04-21 22:37:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk22bewh6y2z
2026-04-21 22:40:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk22ho3kj22i
2026-04-21 22:53:51+00:00| seen|...

CVE-2025-13826

creationtimestamp| type| source
---|---|---
2026-04-21 10:55:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjyt226zkl2e
2026-04-21 10:56:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjyt3xbero2n
2026-04-21 11:16:33+00:00| published-proof-of-concept|...