Lucene search
K

501 matches found

Nuclei
Nuclei
added 7 hours ago7 views

YMC Filter WordPress - Unauthenticated Post Disclosure

YMC Filter WordPress plugin 3.11.3 contains a broken access control vulnerability caused by improper authorization and lack of validation in a REST API endpoint, letting unauthenticated attackers retrieve private and non-public post content, exploit requires no authentication. id: CVE-2026-10823...

7.5CVSS6.1AI score0.00921EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago20 views

WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts

WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication. id: CVE-2019-17671 info: name: WordPress = 5.2.4 - Unauthenticated View Private/Draft Posts author:...

5.3CVSS6.7AI score0.36503EPSS
Exploits2References4
Nuclei
Nuclei
added 7 hours ago12 views

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...

5.3CVSS6.7AI score0.00909EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-12428

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42568

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS6.1AI score0.00285EPSS
Exploits0References8
NVD
NVD
added 2026/07/03 9:16 a.m.9 views

CVE-2026-11900

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS0.00273EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/03 7:53 a.m.37 views

CVE-2026-11900 Ad Inserter <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure via 'data' Shortcode Attribute

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS0.00273EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.5 views

CVE-2026-11900

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS6AI score0.00273EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55514

Name of the Vulnerable Software and Affected Versions Ad Inserter – Ad Manager & AdSense Ads versions prior to 2.8.17 Description An Insecure Direct Object Reference exists via the data attribute of the adinserter shortcode. The replace ai tags function processes a reusable-block-N tag pattern th...

4.3CVSS6AI score0.00273EPSS
Exploits0References15
NVD
NVD
added 2026/07/01 8:16 a.m.6 views

CVE-2026-12408

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS0.00257EPSS
Exploits0References8
CVE
CVE
added 2026/06/26 6:0 a.m.14 views

CVE-2026-10823

CVE-2026-10823 affects the YMC Filter WordPress plugin (pre-3.11.3). The flaw stems from improper authorization of a REST API endpoint and lack of validation of a user-supplied query parameter, enabling unauthenticated attackers to retrieve titles and content from private, draft, and other non-pu...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 6:0 a.m.10 views

EUVD-2026-39624

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 6:0 a.m.38 views

CVE-2026-10823 YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...

0.00921EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:0 a.m.7 views

CVE-2026-10823

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52664

Name of the Vulnerable Software and Affected Versions YMC Filter WordPress plugin versions prior to 3.11.3 Description An issue exists where the software fails to properly authorize access to a REST API endpoint and does not validate a user-supplied query parameter. This allows unauthenticated...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/19 4:31 a.m.11 views

EUVD-2026-37983

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References9
CVE
CVE
added 2026/06/19 4:31 a.m.19 views

CVE-2026-9013

CVE-2026-9013 affects the WordPress Bogo plugin (

4.3CVSS5.4AI score0.00254EPSS
Exploits0References9
CVE
CVE
added 2026/06/16 4:30 a.m.11 views

CVE-2026-10780

CVE-2026-10780 affects the WordPress Static Block plugin (versions up to 2.2). The vulnerability is an Insecure Direct Object Reference in the static_block_content() shortcode handler, which retrieves a post with get_post() using an attacker-controlled id and outputs its post_content without vali...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 4:30 a.m.32 views

CVE-2026-10780 Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49611

Name of the Vulnerable Software and Affected Versions Static Block versions prior to 2.3 Description The Static Block plugin for WordPress contains an Insecure Direct Object Reference. This occurs because the static block content shortcode handler uses the get post function to retrieve a post bas...

4.3CVSS6AI score0.00211EPSS
Exploits0References7
Rows per page
Query Builder