Lucene search
K

503 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.11 views

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

5.3CVSS5.4AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.4AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 1:26 a.m.9 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 1:26 a.m.6 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 1:26 a.m.49 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42391

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get sponsored meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.13 views

WordPress plugin Broadstreet 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.9AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 5:16 a.m.10 views

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

5.3CVSS0.0027EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.6 views

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 4:26 a.m.9 views

EUVD-2025-209818

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 4:26 a.m.16 views

CVE-2025-9987

The Broadstreet WordPress plugin (versions

5.3CVSS5.8AI score0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 4:26 a.m.8 views

CVE-2025-9987 Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 4:26 a.m.45 views

CVE-2025-9987 Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

5.3CVSS0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

WordPress plugin Broadstreet 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40558

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get sponsored meta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/05/12 3:46 p.m.18 views

Fake Claude search results lure Mac users into ClickFix attack

Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on macOS devices. ClickFix is a social engineering method that tricks users into infecting their own device with malware. Users are...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2026/05/12 10:0 a.m.11 views

State-sponsored actors, better known as the friends you don’t want

State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. From logging and baselines to OT segmentation and suppl...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/07 1:34 p.m.14 views

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 CVSS score: 9.3/8.7, a buffer overflow vulnerability in the User-ID Authentication...

9.8CVSS7.1AI score0.32074EPSS
Exploits6
Schneier on Security
Schneier on Security
added 2026/04/30 10:22 a.m.9 views

Fast16 Malware

Researchers have reverse-engineered a piece of malware named Fast16. It's almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: "…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malwar...

5.3AI score
Exploits0
Talos Blog
Talos Blog
added 2026/04/21 12:29 p.m.7 views

[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025

!\Podcast\ It's not you, it's your printer: State-sponsored and phishing threats in 2025https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025cover2x1-2-1.jpg In this episode, we unpack state-sponsored and phishing trends from the 2025 Talos Year in...

5.7AI score
Exploits0
Rows per page
Query Builder