6104 matches found
PT-2026-31473
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
WordPress plugin TableOn – WordPress Posts Table Filterable cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-31109
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.8.3
Description: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is susceptible to authorization bypass. This occurs...
PT-2026-31089
CVE-2026-4338 The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access drafts/scheduled/pending posts https://t.co/WVixohTZmU...
Code-Projects Easy Blog Site code injection vulnerability
Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Version 1.0 of code-projects Easy Blog Site has a code injection vulnerability, which stems from the handling of the parameter postTitle in the file posts/update.php. This vulnerability may lead to...
WordPress plugin ActivityPub security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Inquiry form to posts or pages plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Form Header Field vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions <= 1.0...
CVE-2026-4788
creationtimestamp | type | source
---|---|---
2026-04-07 16:16:41+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4788
2026-04-08 03:16:41+00:00 | seen | Telegram/dROJOrCDMnkwqXhb9-Y-ghLBhlUA50W24DQUefxFEp990g8
2026-04-08 04:48:38+00:00 | seen | ...
CVE-2026-5627
creationtimestamp | type | source
---|---|---
2026-04-07 14:30:18+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mivyjoek5x26
2026-04-07 14:30:22+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116363900721699665
2026-04-07 14:44:48+00:00 | seen | ...
CVE-2026-31842
creationtimestamp | type | source
---|---|---
2026-04-07 12:18:25+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mivr5irynv2p
2026-04-07 12:18:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mivr5s6skm2s
2026-04-07 13:16:15+00:00 | ...
CVE-2026-34896
creationtimestamp | type | source
---|---|---
2026-04-07 10:10:13+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mivjymbw6f2s
2026-04-07 10:30:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mivl4qvjwe2n
2026-04-07 13:55:24+00:00 | seen | ...
BIT-DISCOURSE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content was exposed, only metadata about who read the post...
CVE-2026-5465
creationtimestamp | type | source
---|---|---
2026-04-07 08:01:05+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mivcqtypg327
2026-04-07 09:15:25+00:00 | seen | Telegram/UjrnvOa2JLE3qzXsFYe7vk49vQcInvR-SenKatBboIQ7n94
2026-04-07 09:37:20+00:00 | seen | ...
CVE-2026-35174
creationtimestamp | type | source
---|---|---
2026-04-06 18:26:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitvb3h7og2h
2026-04-06 19:29:44+00:00 | seen | Telegram/RmP7l-K41x9UoCBscD5W8eizA4yDJaPJqAKKOeWwXNyu-8
2026-04-06 19:30:39+00:00 | seen | ...
CVE-2026-35171
creationtimestamp | type | source
---|---|---
2026-04-06 18:24:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv4ynlvh2d
2026-04-06 18:24:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv5qkfjp2d
2026-04-06 19:29:44+00:00 | seen | ...
CVE-2026-35470
creationtimestamp | type | source
---|---|---
2026-04-06 18:24:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv4qwen22t
2026-04-06 18:24:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv5jd3vu2j
2026-04-06 19:20:37+00:00 | seen | ...
CVE-2026-35209
creationtimestamp | type | source
---|---|---
2026-04-06 18:09:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mitud4tgjt2o
2026-04-06 18:23:56+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv4jr7ms2t
2026-04-06 18:24:21+00:00 | seen | ...
CVE-2026-30078
creationtimestamp | type | source
---|---|---
2026-04-06 15:42:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitm3hpfvn27
2026-04-06 15:43:02+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitm4smwze27
2026-04-06 15:44:42+00:00 | seen | ...
CVE-2026-34885
creationtimestamp | type | source
---|---|---
2026-04-06 15:35:07+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitlonapsw2r
2026-04-06 15:35:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitlpsinwd27
2026-04-06 17:30:35+00:00 | ...
CVE-2026-33540
creationtimestamp | type | source
---|---|---
2026-04-06 13:59:09+00:00 | published-proof-of-concept | https://github.com/distribution/distribution/security/advisories/GHSA-3p65-76g6-3w7r
2026-04-06 15:35:22+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mitlp3gzvo2r
2026-04-06...