
5 matches found

RedhatCVE
added 2026/06/05 7:34 p.m., 8 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, AI score 5.4, EPSS 0.00219
Exploits 0, References 1
NVD
added 2026/05/21 2:16 a.m., 18 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, EPSS 0.00219
Exploits 0, References 2
Vulnrichment
added 2026/05/21 1:26 a.m., 9 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, AI score 5.8, EPSS 0.00219
Exploits 0, References 2
Cvelist
added 2026/05/21 1:26 a.m., 45 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, EPSS 0.00219
Exploits 0, References 2
EUVD
added 2026/05/21 1:26 a.m., 13 views

EUVD-2026-31206

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, AI score 5.8, EPSS 0.00219
Exploits 0, References 2