PT-2026-30241

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

CVE-2026-33426

CVE-2026-33426 affects Discourse. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 , users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they could not see those tags. A patch is included in versions 2026.3.0-latest.1, 2026....

CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

EUVD-2026-13908

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2025-22735

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.4...

CVE-2025-22735 WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups allows Reflected XSS. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.4...

CVE-2025-22735 WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.4...

CVE-2025-22735

CVE-2025-22735 is a reflected Cross-Site Scripting (XSS) vulnerability in the TaxoPress WordPress Tag Cloud Plugin – Tag Groups. The issue is described as improper neutralization of input during web page generation and affects Tag Groups versions up to 2.0.4 (on WordPress Tag Cloud Plugin – Tag G...

PT-2025-4659 · WordPress · Taxopress Wordpress Tag Cloud Plugin

Name of the Vulnerable Software and Affected Versions: TaxoPress WordPress Tag Cloud Plugin – Tag Groups versions prior to 2.0.4 Description: The issue is related to improper neutralization of input during web page generation, allowing reflected Cross-site Scripting XSS. This enables attackers to...

WordPress plugin WordPress Tag Cloud Plugin – Tag Groups 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WordPress Tag Cloud Plugin...

WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress Tag Cloud Plugin - Tag Groups plugin = 2.0.4 - Reflected Cross Site Scripting XSS vulnerability discovered by minhtuanact Patchstack Alliance in WordPress Plugin WordPress Tag Cloud Plugin – Tag Groups versions = 2.0.4...

CVE-2024-43237

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.3...

CVE-2024-43237 WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.3...

CVE-2024-43237 WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.3...

WordPress plugin WordPress Tag Cloud Plugin – Tag Groups 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

PT-2024-30400 · WordPress · Taxopress Wordpress Tag Cloud Plugin

Name of the Vulnerable Software and Affected Versions: TaxoPress WordPress Tag Cloud Plugin – Tag Groups versions through 2.0.3 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This affects the TaxoPress WordPress Tag Cloud Plugin, specifically...

WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin WordPress Tag Cloud Plugin – Tag Groups versions = 2.0.3...

WordPress WordPress Tag Cloud Plugin – Tag Groups Plugin <= 2.0.3 is vulnerable to Sensitive Data Exposure

Software WordPress Tag Cloud Plugin – Tag Groups Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43237 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d69c3848e4ee Credits Pen...

BIT-DISCOURSE-2021-43792 Notifications leak in Discourse

Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group e.g. staff to view certain tags. Users who were tracking or watching th...