20 matches found
CVE-2026-7051
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
EUVD-2026-29899
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...
PT-2025-45448
An issue was discovered in rymcu forest through commit f782e85 2025-09-04 in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users' posts...
forest security vulnerability
forest is a modern knowledge community backend project open-sourced by RYMCU, implemented with SpringBoot + Shiro + MyBatis + JWT + Redis. A security vulnerability exists in forest version f782e85, which stems from a flaw in the doBefore function in the AuthorshipAspect.java file, which could...
CVE-2025-5622
creationtimestamp | type | source
---|---|---
2025-06-05 01:27:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqt64rcwgl2e
2025-06-05 01:44:05+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114628220983430004...
CVE-2025-31201
creationtimestamp | type | source
---|---|---
2025-04-16 17:33:03+00:00 | seen | https://infosec.exchange/users/applsec/statuses/114348836934305541
2025-04-16 17:33:04+00:00 | seen | https://bsky.app/profile/applsec.bsky.social/post/3lmx4qr3utx2e
2025-04-16 18:18:24+00:00 | seen | ...
CVE-2025-23008
creationtimestamp | type | source
---|---|---
2025-04-10 21:43:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmihwcmfmu2i
2025-04-10 23:43:23+00:00 | seen | https://t.me/cvedetector/22685
2025-04-11 03:29:27+00:00 | seen | ...
PT-2024-15213 · Peepso · The Community By Peepso
Name of the Vulnerable Software and Affected Versions: The Community by PeepSo WordPress plugin versions prior to 6.3.1.2. Description: The issue is related to the lack of a CSRF check when creating a user post, which could allow attackers to make logged-in users perform such actions via a CSRF...
Discourse information disclosure vulnerability
Discourse is an open source community discussion platform. The platform includes features such as communities, email, and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from allowing the number of times users have posted in any thread to be exposed to unauthoriz...
usememos/memos has Insufficient Granularity of Access Control
usememos/memos 0.9.0 and prior allows an attacker to archive any user's public or private post...
WordPress Ask Me plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress plugin Ask Me cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Allow REL= and HTML in Author Bios <= .1- Author+ Stored Cross-Site Scripting
The plugin does not sanitise the allowed HTML in Bio, allowing users with a role as low as author to perform Cross-Site Scripting attacks against users viewing their posts. PoC: As Author, put a JS payload such as in your Biographical Info via your Profile, then access any public posts made by your...
Nextcloud Social app access control error vulnerability
Nextcloud Social app is a social application from Nextcloud Germany. An access control error vulnerability exists in version 0.3.1 of the Nextcloud Social app. The vulnerability is related to the control system of the affected version not properly handling user access requests. There is...
CVE-2020-8278
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...
Improper access control
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...
Nextcloud Social app access control error vulnerability
Nextcloud Social app is a social application from Nextcloud Germany. An access control error vulnerability exists in version 0.3.1 of the Nextcloud Social app. The vulnerability is related to the control system of the affected version not properly handling user access requests. There is...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-12121)
iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS 7.0.14 and earlier versions, which can be exploited by an attacker to delete a user's posts via the public/api.php?app=user URI...
Vanilla: Abusing "Report as abuse" functionality to delete any user's post.
Hi Team, Greetings!! Description: I would like to report a vulnerability that can be used to delete any user’s post by abusing the “Report an abuse” function within the application. After a specific number of reports are submitted to the server, it automatically deletes that post of the user. Application has...
Moodle CMS Multiple Vulnerabilities
This host is running Moodle CMS and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test. $Id: gbmoodlecmsmultvuln.nasl 4869 2016-12-29 11:01:45Z teissa $. Moodle CMS Multiple Vulnerabilities. Authors: Sujit Ghosal. Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...