Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

NVD
NVDadded 2025/07/12 9:15 a.m.6 views

CVE-2025-7504

The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...

8.8CVSS0.01757EPSS
Exploits1References5
Prion
Prionadded 2021/11/08 6:15 p.m.14 views

Design/Logic Flaw

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5CVSS5.2AI score0.00367EPSS
Exploits2References1Affected Software1
CVE
CVEadded 2021/11/08 5:35 p.m.36 views

CVE-2021-24840

The CVE-2021-24840 entry affects the Squaretype WordPress theme prior to version 3.0.4. The vulnerability allows unauthenticated users to manipulate the query_vars used to fetch posts in a REST endpoint, enabling disclosure of private and scheduled posts. This is demonstrated by published PoCs (e...

5.3CVSS5.1AI score0.00367EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder