CVE-2026-47264

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

CVE-2026-47264

CVE-2026-47264 affects Discourse releases 2026.1.0–2026.1.3, 2026.3.0–2026.3.0x (up to 2026.3.0-latest until 2026.3.1), and 2026.4.0–2026.4.0x (up to 2026.4.0-latest until 2026.4.1). The root cause is that DetailedTagSerializer#tag_group_names returned every tag group a tag belonged to without fi...

EUVD-2026-36561

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

CVE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

PT-2026-30241

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2026-33426

CVE-2026-33426 affects Discourse. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 , users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they could not see those tags. A patch is included in versions 2026.3.0-latest.1, 2026....

EUVD-2026-13908

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2025-22735

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.4...

CVE-2025-22735 WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups allows Reflected XSS. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.4...

CVE-2025-22735 WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.4...

CVE-2025-22735

CVE-2025-22735 is a reflected Cross-Site Scripting (XSS) vulnerability in the TaxoPress WordPress Tag Cloud Plugin – Tag Groups. The issue is described as improper neutralization of input during web page generation and affects Tag Groups versions up to 2.0.4 (on WordPress Tag Cloud Plugin – Tag G...

WordPress plugin WordPress Tag Cloud Plugin – Tag Groups 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WordPress Tag Cloud Plugin...

PT-2025-4659 · WordPress · Taxopress Wordpress Tag Cloud Plugin

Name of the Vulnerable Software and Affected Versions: TaxoPress WordPress Tag Cloud Plugin – Tag Groups versions prior to 2.0.4 Description: The issue is related to improper neutralization of input during web page generation, allowing reflected Cross-site Scripting XSS. This enables attackers to...

WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress Tag Cloud Plugin - Tag Groups plugin = 2.0.4 - Reflected Cross Site Scripting XSS vulnerability discovered by minhtuanact Patchstack Alliance in WordPress Plugin WordPress Tag Cloud Plugin – Tag Groups versions = 2.0.4...

CVE-2024-43237

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.3...

CVE-2024-43237 WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.3...

CVE-2024-43237 WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through = 2.0.3...

PT-2024-30400 · WordPress · Taxopress Wordpress Tag Cloud Plugin

Name of the Vulnerable Software and Affected Versions: TaxoPress WordPress Tag Cloud Plugin – Tag Groups versions through 2.0.3 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This affects the TaxoPress WordPress Tag Cloud Plugin, specifically...