153 matches found
Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'updatemetadata' in all versions up to 1.0.228, letting unauthenticated attackers insert, update, or delete metadata, including user and term metadata, potentially causing loss of...
CVE-2026-53511
Calibre vulnerability CVE-2026-53511 affects the calibre e-book manager prior to version 9.10.0. A malicious EPUB/OPF/PDF can trigger arbitrary Python code execution when metadata is read by calibre (e.g., via Add books or Edit books) by embedding a python: template in calibre:user_metadata; the ...
CVE-2026-53511 calibre: Arbitrary Code Execution in Template Formatter via Book Metadata
calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...
CVE-2026-9709
The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...
CVE-2026-9709
The CVE-2026-9709 entry describes a vulnerability in the Premium Cornerstone page builder bundled with the X Theme (WordPress plugin) prior to version 7.8.9. The root cause is missing capability checks on one REST API route, allowing any authenticated user to disclose metadata of other users, inc...
CVE-2026-46546 Frappe LMS: HTML injection in user-controlled metadata
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...
MISP 安全漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions for analyzing threats to network security and malware analysis. MISP has a security vulnerability that...
hackage-server 跨站脚本漏洞
hackage-server is a Haskell software package repository server developed under open source. hackage-server has a cross-site scripting vulnerability, which stems from improperly cleaned user-controlled metadata. This vulnerability may lead to storage-based cross-site scripting attacks...
EUVD-2026-20950
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filenamedisk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...
CVE-2026-3460
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
Information Disclosure
code.gitea.io/gitea is vulnerable to information disclosure. The vulnerability is due to improper exposure of user metadata through sortable fields such as last login time, which allows an attacker to infer users' login activity by manipulating the explore/users sort order...
📄 WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner
WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner. ============================================================================================================================================= | Title : WordPress RestroPress Online Food Orderi...
WordPress plugin JAY Login & Register 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin JAY Login & Register 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...
CVE-2018-9377
In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-12980
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/getdynamiccontent/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible...
WordPress plugin Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Post...
CVE-2025-12512
The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...
CVE-2025-12512
CVE-2025-12512 (GenerateBlocks, WordPress) : Information exposure due to missing object-level authorization on REST endpoints exposed by generateblocks/v1/meta/. Authenticated users with Contributor+ can query arbitrary user/post meta and key data via get_user_meta_rest, exposing PII such as name...
CVE-2025-13084 Opto 22 groov View Exposure of Sensitive Information Through Metadata
The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators...