16 matches found

RedhatCVE
added 2026/05/13 8:23 p.m. · 4 views

CVE-2026-42556

Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/?share=true to another user. The preview page...

9 CVSS · 5.9 AI score · 0.00043 EPSS
Exploits: 0 · References: 1

NVD
added 2026/05/08 11:16 p.m. · 7 views

CVE-2026-42556

Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/?share=true to another user. The preview page...

9 CVSS · 0.00043 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 2:57 a.m. · 3 views

CVE-2023-1086

The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3 CVSS · 7.8 AI score · 0.00835 EPSS
Exploits: 2 · References: 1

OSV
added 2025/01/24 2:15 p.m. · 0 views

CVE-2024-11913

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...

5.4 CVSS · 7.4 AI score · 0.00131 EPSS
Exploits: 0 · References: 2

OSV
added 2023/03/27 4:15 p.m. · 2 views

CVE-2023-1086

The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3 CVSS · 6.6 AI score
Exploits: 0 · References: 1

NVD
added 2023/03/27 4:15 p.m. · 15 views

CVE-2023-1086

The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3 CVSS · 4.7 AI score · 0.00835 EPSS
Exploits: 2 · References: 1

CVE
added 2023/03/27 3:37 p.m. · 60 views

CVE-2023-1086

CVE-2023-1086 affects the Preview Link Generator WordPress plugin, up to version 1.0.3. The root cause is a lack of CSRF validation when activating plugins, allowing an unauthenticated attacker to trigger plugin activations via CSRF if a user is logged in. The documented impact is arbitrary plugi...

4.3 CVSS · 4.5 AI score · 0.00835 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2023/03/27 3:37 p.m. · 15 views

CVE-2023-1086 Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF

The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

5 AI score · 0.00835 EPSS
Exploits: 2 · References: 1

CNNVD
added 2023/03/27 12:0 a.m. · 3 views

WordPress plugin Preview Link Generator cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

4.3 CVSS · 6.1 AI score · 0.00835 EPSS
Exploits: 2 · References: 2

Positive Technologies
added 2023/03/27 12:0 a.m. · 3 views

PT-2023-16741 · WordPress · Preview Link Generator

Name of the Vulnerable Software and Affected Versions: Preview Link Generator WordPress plugin versions prior to 1.0.4 Description: The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog...

4.3 CVSS · 5.6 AI score · 0.00835 EPSS
Exploits: 2 · References: 4

Patchstack
added 2023/03/02 12:0 a.m. · 12 views

WordPress Preview Link Generator Plugin < 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Preview Link Generator Type Plugin Vulnerable versions 1.0.4 Fixed in 1.0.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1086 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1a96dff3de79 Credits WPScan Required...

4.3 CVSS · 7 AI score · 0.00835 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

Hacker One
added 2022/02/22 9:0 p.m. · 31 views

Shopify: Bypass of fix #1370749

Hello team, on report 1370749 the reporter found that the preview link is not expiring. So when someone will gain access to the preview link, he can access it for whole life as the preview link remains the same even after changing the storefront password. I have reported the issue 1401525 where I ...

7.3 AI score
Exploits: 0

Hacker One
added 2021/10/15 6:20 a.m. · 16 views

Shopify: After changing the storefront password, the preview link is still valid

Description: 1. The user needs to know the storefront password to generate the preview link. 2. After the administrator changes the storefront password, users can still access the storefront through the preview link. 3. Reason: (1) User can generate preview link. (2) Simply changing the password wil...

0.4 AI score
Exploits: 0

CNNVD
added 2021/09/10 12:0 a.m. · 3 views

Plesk Obsidian cross-site scripting vulnerability

Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability in Plesk Obsidian versions 18.0.0 through 18.0.32 allows an attacker to execute JavaScript code in a victim's browser by using a link to preview a site hosted on the server...

6.1 CVSS · 6.5 AI score · 0.0053 EPSS
Exploits: 1 · References: 4

OSV
added 2019/01/23 5:1 p.m. · 1 views

DRUPAL-CONTRIB-2019-004

The Preview Link module enables you to generate preview links so anonymous users can access unpublished revisions of content. The last release of the module introduced an access bypass allowing users to present invalid tokens but still access unpublished content...

6.8 AI score
Exploits: 0 · References: 1

Drupal
added 2019/01/23 12:0 a.m. · 14 views

Preview Link - Moderately critical - Access bypass - SA-CONTRIB-2019-004

The Preview Link module enables you to generate preview links so anonymous users can access unpublished revisions of content. The last release of the module introduced an access bypass allowing users to present invalid tokens but still access unpublished content...

6.7 AI score
Exploits: 0 · References: 5