6111 matches found
WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions = 1.8.1...
WordPress Show Posts list plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Show Posts list versions = 1.1.0...
CVE-2026-21732
creationtimestamp| type| source ---|---|--- 2026-03-23 16:13:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqhcjhvsc2n 2026-03-23 16:14:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqhddhk452s...
CVE-2026-33351
creationtimestamp| type| source ---|---|--- 2026-03-23 14:38:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqbylbqeg2k 2026-03-23 15:03:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhqdfezibg2u 2026-03-29 19:40:09+00:00| seen|...
CVE-2026-3635
creationtimestamp| type| source ---|---|--- 2026-03-23 14:08:43+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mhqadbkbw22i 2026-03-23 14:10:58+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mhqahaep2k2i 2026-03-23 16:03:12+00:00| seen|...
CVE-2026-32968
creationtimestamp| type| source ---|---|--- 2026-03-23 11:20:00+00:00| seen| https://infosec.exchange/users/certvde/statuses/116278217950836584 2026-03-23 11:20:05+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mhpwvnutx3d2 2026-03-23 11:20:27+00:00| seen|...
CVE-2026-32969
creationtimestamp| type| source ---|---|--- 2026-03-23 11:20:00+00:00| seen| https://infosec.exchange/users/certvde/statuses/116278217950836584 2026-03-23 11:20:05+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mhpwvnutx3d2 2026-03-23 11:20:27+00:00| seen|...
CVE-2026-4599
creationtimestamp| type| source ---|---|--- 2026-03-23 06:18:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhpg2nrlsg2s 2026-03-23 06:44:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhphjlw4wc2v 2026-03-23 10:30:27+00:00| seen|...
CVE-2026-4606
creationtimestamp| type| source ---|---|--- 2026-03-23 04:17:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhp7cm3x7o2d 2026-03-23 04:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116276607585520950 2026-03-23 04:30:30+00:00| seen|...
CVE-2026-2580
creationtimestamp| type| source ---|---|--- 2026-03-23 00:00:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116275546574992774 2026-03-23 00:00:41+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mhoqwucgs226 2026-03-23 00:45:01+00:00| seen|...
WordPress plugin Smart Custom Fields 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-27252
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2026-33648
creationtimestamp| type| source ---|---|--- 2026-03-22 23:08:45+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-5m4q-5cvx-36mw 2026-03-23 19:23:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqrvxr6772u 2026-03-23 19:40:56+00:0...
CVE-2026-4457
creationtimestamp| type| source ---|---|--- 2026-03-22 02:33:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmizz6v2y2s 2026-03-22 02:34:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmj36tprk2c 2026-03-24 01:00:00+00:00| seen|...
CVE-2026-4456
creationtimestamp| type| source ---|---|--- 2026-03-22 02:33:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmizrvolb2n 2026-03-22 02:34:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmj2xueev2s 2026-03-24 01:00:00+00:00| seen|...
CVE-2026-3629
creationtimestamp| type| source ---|---|--- 2026-03-21 23:18:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhm63zbpdo2h 2026-03-21 23:54:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhma4nxwhe2z 2026-03-22 01:44:18+00:00| seen|...
CVE-2026-32056
creationtimestamp| type| source ---|---|--- 2026-03-21 21:00:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhlwfz3aoi2x 2026-03-21 22:00:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhlzrjirtz25 2026-03-21 22:16:23+00:00| seen|...
EUVD-2019-19895
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
CVE-2019-25573
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
CVE-2019-25573 Green CMS 2.x SQL Injection via cat Parameter
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...