CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

WordPress WP Posts Re-order plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Posts Re-order versions = 1.0...

WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions = 1.8.1...

WordPress Show Posts list plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Show Posts list versions = 1.1.0...

CVE-2026-21732

creationtimestamp| type| source ---|---|--- 2026-03-23 16:13:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqhcjhvsc2n 2026-03-23 16:14:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqhddhk452s...

CVE-2026-33351

creationtimestamp| type| source ---|---|--- 2026-03-23 14:38:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqbylbqeg2k 2026-03-23 15:03:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhqdfezibg2u 2026-03-29 19:40:09+00:00| seen|...

CVE-2026-3635

creationtimestamp| type| source ---|---|--- 2026-03-23 14:08:43+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mhqadbkbw22i 2026-03-23 14:10:58+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mhqahaep2k2i 2026-03-23 16:03:12+00:00| seen|...

CVE-2026-32968

creationtimestamp| type| source ---|---|--- 2026-03-23 11:20:00+00:00| seen| https://infosec.exchange/users/certvde/statuses/116278217950836584 2026-03-23 11:20:05+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mhpwvnutx3d2 2026-03-23 11:20:27+00:00| seen|...

CVE-2026-32969

creationtimestamp| type| source ---|---|--- 2026-03-23 11:20:00+00:00| seen| https://infosec.exchange/users/certvde/statuses/116278217950836584 2026-03-23 11:20:05+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mhpwvnutx3d2 2026-03-23 11:20:27+00:00| seen|...

CVE-2026-4599

creationtimestamp| type| source ---|---|--- 2026-03-23 06:18:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhpg2nrlsg2s 2026-03-23 06:44:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhphjlw4wc2v 2026-03-23 10:30:27+00:00| seen|...

CVE-2026-4606

creationtimestamp| type| source ---|---|--- 2026-03-23 04:17:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhp7cm3x7o2d 2026-03-23 04:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116276607585520950 2026-03-23 04:30:30+00:00| seen|...

CVE-2026-2580

creationtimestamp| type| source ---|---|--- 2026-03-23 00:00:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116275546574992774 2026-03-23 00:00:41+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mhoqwucgs226 2026-03-23 00:45:01+00:00| seen|...

PT-2026-27252

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...

WordPress plugin Smart Custom Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-33648

creationtimestamp| type| source ---|---|--- 2026-03-22 23:08:45+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-5m4q-5cvx-36mw 2026-03-23 19:23:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqrvxr6772u 2026-03-23 19:40:56+00:0...

CVE-2026-4457

creationtimestamp| type| source ---|---|--- 2026-03-22 02:33:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmizz6v2y2s 2026-03-22 02:34:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmj36tprk2c 2026-03-24 01:00:00+00:00| seen|...

CVE-2026-4456

creationtimestamp| type| source ---|---|--- 2026-03-22 02:33:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmizrvolb2n 2026-03-22 02:34:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmj2xueev2s 2026-03-24 01:00:00+00:00| seen|...

CVE-2026-3629

creationtimestamp| type| source ---|---|--- 2026-03-21 23:18:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhm63zbpdo2h 2026-03-21 23:54:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhma4nxwhe2z 2026-03-22 01:44:18+00:00| seen|...

CVE-2026-32056

creationtimestamp| type| source ---|---|--- 2026-03-21 21:00:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhlwfz3aoi2x 2026-03-21 22:00:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhlzrjirtz25 2026-03-21 22:16:23+00:00| seen|...

EUVD-2019-19895

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...