43 matches found
CVE-2026-32699
FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction b...
WordPress Community by PeepSo plugin < 6.3.1.2 - User Post Creation via CSRF vulnerability
User Post Creation via CSRF vulnerability discovered by Bikram Kharal in WordPress Plugin Community by PeepSo versions 6.3.1.2...
EUVD-2018-13149
Malware in sbrugna...
CVE-2025-54870
creationtimestamp| type| source
---|---|---
2025-08-05 03:58:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvmsyyidi52q...
GHSA-GVFX-P3H5-QF65
creationtimestamp| type| source
---|---|---
2025-07-10 17:35:09+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114830141628115070...
GHSA-HGQP-3MMF-7H8F
creationtimestamp| type| source
---|---|---
2025-06-21 05:34:22+00:00| seen| https://bsky.app/profile/raptor.infosec.exchange.ap.brid.gy/post/3ls3te744yuq2
2025-06-23 23:32:45+00:00| seen| https://seclists.org/oss-sec/2025/q2/273
2025-06-23 23:32:45+00:00| seen|...
CVE-2023-22453
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the /u/username.json endpoint. The issue...
CVE-2018-9120
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post...
CVE-2025-0444
creationtimestamp| type| source
---|---|---
2025-02-04 18:57:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113947144062411419
2025-02-04 19:05:24+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113947176087524263
2025-02-04 19:15:47+00:00| seen|...
CERTFR-2023-ALE-002
creationtimestamp| type| source
---|---|---
2025-01-29 16:47:35+00:00| seen| https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvgckb3nn2g...
CVE-2023-7125
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such an action via a CSRF attack...
Cross site request forgery (csrf)
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such an action via a CSRF attack...
CVE-2023-7125 Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such an action via a CSRF attack...
Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
Description: The plugin does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such an action via a CSRF attack. PoC: 1. Log in as a normal user. 2. Save the content below as an HTML file. 3. Change...
Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
Description: The plugin does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such an action via a CSRF attack. 1. Log in as a normal user. 2. Save the content below as an HTML file...
The vulnerability of the User Post Gallery plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the User Post Gallery plugin in the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Exploit for CVE-2023-2877
CVE-2023-2877 Formidable Forms 6.3.1 - Subscriber+ Remote...
Cross-site Scripting (XSS)
backdrop/backdrop is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the lack of validation in the HTML elements when adding a post, which allows an admin-authenticated attacker to inject and execute malicious JavaScript when a user views a post...