6098 matches found
CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...
CVE-2026-34003
creationtimestamp| type| source
---|---|---
2026-04-15 00:01:55+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqa5my42c
2026-04-15 00:01:59+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqekqju2g
2026-04-19 02:01:28+00:00| seen|...
CVE-2026-34000
creationtimestamp| type| source
---|---|---
2026-04-15 00:01:54+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqa5my42c
2026-04-15 00:01:58+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u
2026-04-19 02:01:28+00:00| seen|...
CVE-2026-33999
creationtimestamp| type| source
---|---|---
2026-04-15 00:01:54+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqa5my42c
2026-04-15 00:01:57+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u
2026-04-19 02:01:26+00:00| seen|...
CVE-2026-34001
creationtimestamp| type| source
---|---|---
2026-04-15 00:01:54+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqa5my42c
2026-04-15 00:01:58+00:00| seen| https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u
2026-04-19 02:01:28+00:00| seen|...
PT-2026-33003
Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields (ACF) plugin for WordPress versions prior to 6.7.1
Description: The plugin contains a flaw where AJAX field query endpoints accept user-supplied filter parameters that override field-configured restrictions without proper...
WordPress Inquiry form to posts or pages plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions <= 1.0...
WordPress plugin Advanced Custom Fields security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-33021
The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal popup shortcode function is registered as an AJAX handler via wp ajax katalogportal shortcodePrinter but lacks any capability check current user can ...
CVE-2026-34619
creationtimestamp| type| source
---|---|---
2026-04-14 23:22:03+00:00| seen| Telegram/7o25spvsi10qoVsYDQCR4BvQZf2Pb0MXjY1dtOy-qDOy7tc
2026-04-15 12:00:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjtuloymz2w
2026-04-15 13:55:20+00:00| seen|...
CVE-2026-34161 Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
CVE-2026-27289
creationtimestamp| type| source
---|---|---
2026-04-14 20:10:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mji6rygv4l23
2026-04-14 20:19:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mji7cuopwy2a
2026-04-14 21:25:30+00:00| published-proof-of-concept|...
CVE-2026-38527
creationtimestamp| type| source
---|---|---
2026-04-14 16:46:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhtgdu6nh2u
2026-04-14 17:07:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhulnqatj2z...
CVE-2026-38526
creationtimestamp| type| source
---|---|---
2026-04-14 16:46:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhtg4gn2c2h
2026-04-14 17:03:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhudxtjxx2r
2026-04-16 17:23:41+00:00| seen|...
CVE-2026-39813
creationtimestamp| type| source
---|---|---
2026-04-14 16:34:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhspwbtnj2m
2026-04-14 17:12:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhuum6ow52o
2026-04-14 17:28:30+00:00| seen|...
CVE-2026-33101
creationtimestamp| type| source
---|---|---
2026-04-14 15:49:19+00:00| seen| https://www.thezdi.com/blog/2026/4/14/the-april-2026-security-update-review
2026-04-14 19:17:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mji3t735w42m
2026-04-14 20:16:29+00:00| seen|...
WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection vulnerability
WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection vulnerability discovered by Vilaysone CHANTHAVONG 0xJ0cKkY - Cyberus Technologies in WordPress Plugin Post Grid, Post Carousel, & List Categor...
CVE-2026-25654
creationtimestamp| type| source
---|---|---
2026-04-14 03:04:52+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-per-prodotti-siemens-20
2026-04-14 09:51:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjh46vwdxg2s
2026-04-14 10:16:11+00:00| seen|...
CVE-2026-27668
creationtimestamp| type| source
---|---|---
2026-04-14 03:04:52+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-per-prodotti-siemens-20
2026-04-14 09:51:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjh475wwx724
2026-04-14 09:51:36+00:00| seen|...
CVE-2026-27681
creationtimestamp| type| source
---|---|---
2026-04-14 01:00:04+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjg6jaq2s42h
2026-04-14 01:15:38+00:00| published-proof-of-concept| Telegram/j1YKUKFGBq5wmef4QEbA7k-TdRl9f0BaDNzVfGs6U0ZXPS4
2026-04-14 01:30:30+00:00| seen|...