6111 matches found

Positive Technologies
added 2026/03/21 12:0 a.m. | 3 views

PT-2026-26921

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

CVSS 7.1 | AI score 6.2 | EPSS 0.00068
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/21 12:0 a.m. | 2 views

PT-2026-26827

The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the linkedin company post reset handler function hooked to admin post reset linkedin company post. This makes it...

CVSS 4.3 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 4

CNNVD
added 2026/03/21 12:0 a.m. | 3 views

WordPress plugin Company Posts for LinkedIn security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/21 12:0 a.m. | 2 views

PT-2026-26864

The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save config function, which handles the 'punnel save config' AJAX action, lacks any capability check current user can and nonce verification. This makes i...

CVSS 5.3 | AI score 6 | EPSS 0.00065
Exploits: 0 | References: 12

CNNVD
added 2026/03/21 12:0 a.m. | 3 views

WordPress plugin WP Posts Re-order cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/21 12:0 a.m. | 3 views

PT-2026-26869

The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post type' shortcode attribute in the 'swiftpost-list' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping o...

CVSS 6.4 | AI score 6 | EPSS 0.00105
Exploits: 0 | References: 10

CNNVD
added 2026/03/21 12:0 a.m. | 4 views

Discourse security vulnerability

Discourse is an open-source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a security vulnerability due to an overly broad authorization check on the deleted post index endpoint, which can ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/21 12:0 a.m. | 3 views

PT-2026-26828

The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add class' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVSS 4.4 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 7

ATTACKERKB
added 2026/03/20 11:21 p.m. | 4 views

CVE-2026-33428

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/03/20 11:21 p.m. | 6 views

CVE-2026-33428

Summary: Discourse allows a non-staff user with elevated group membership to access deleted posts from any user due to an overly broad authorization check on the deleted posts index endpoint. Affected versions: prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Root cause (as stated): overly bro...

CVSS 7.1 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/03/20 11:21 p.m. | 2 views

CVE-2026-33428 Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

OSV
added 2026/03/20 11:21 p.m. | 2 views

CVE-2026-33428 Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...

CVSS 7.1 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 3

EUVD
added 2026/03/20 11:21 p.m. | 2 views

EUVD-2026-13912

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

Cvelist
added 2026/03/20 11:21 p.m. | 22 views

CVE-2026-33428 Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...

CVSS 7.1 | EPSS 0.00021
Exploits: 0 | References: 1

NVD
added 2026/03/20 11:16 p.m. | 2 views

CVE-2026-33411

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

CVSS 5.4 | EPSS 0.0002
Exploits: 0 | References: 1

Circl
added 2026/03/20 11:1 p.m. | 2 views

CVE-2026-33037

creationtimestamp | type | source
---|---|---
2026-03-20 23:01:14+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjmopgk4k2c
2026-03-20 23:04:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjmu4qtlm2t
2026-03-23 23:40:09+00:00 | seen |...

CVSS 8.1 | AI score 5.8 | EPSS 0.00192
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/20 10:58 p.m. | 0 views

CVE-2026-33411

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

CVSS 5.4 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/03/20 10:58 p.m. | 5 views

CVE-2026-33411

Discourse is affected by CVE-2026-33411, a stored XSS in topic titles for the solved posts stream. The issue exists in versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. A patch is available in 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Remediation guidance includes enabling a Content S...

CVSS 5.4 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2026/03/20 10:17 p.m. | 0 views

CVE-2026-23536

creationtimestamp | type | source
---|---|---
2026-03-20 22:17:59+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjkbeyx7p2k
2026-03-20 22:20:48+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjkggpsjk2c
2026-03-21 01:21:46+00:00 | seen |...

CVSS 7.5 | AI score 5.8 | EPSS 0.00106
Exploits: 0 | References: 4

Circl
added 2026/03/20 10:17 p.m. | 2 views

CVE-2026-33172

creationtimestamp | type | source
---|---|---
2026-03-20 22:17:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjkb7iabx2c
2026-03-20 22:18:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjkcc7x4y2u
2026-03-21 02:21:20+00:00 | seen |...

CVSS 8.7 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 4