366 matches found
CVE-2026-44787
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...
CVE-2026-44787 Discourse: Signup-time primary_group_id assignment grants whisperer access
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...
CVE-2026-44787
Discourse exposes a flaw in signup: before versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a new user could set primary_group_id and gain whisper-group privileges when whispers_allowed_groups is configured. This is fixed in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The CVSS 3.1 base score ...
CVE-2026-44787
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...
CVE-2026-44787 Discourse: Signup-time primary_group_id assignment grants whisperer access
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...
PT-2026-56993
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description The signup flow allows newly registered users to set the primary group id variable...
CVE-2026-57353
Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...
CVE-2026-57353
The CVE concerns WordPress Link Whisper Premium plugin <= 2.9.0 with a Broken Access Control issue. The accompanying CVSS data (Patchstack, v3.1) indicates an external attack over network, with low privileges and no user interaction, potentially affecting integrity (I: High) while confidential...
CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...
CVE-2026-57333
Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...
CVE-2026-57333 WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...
EUVD-2026-40104
Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...
CVE-2026-57333
CVE-2026-57333 describes an unauthenticated reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Link Whisper Free , affecting versions up to and including 0.9.4 . The connected sources consistently identify it as a reflected XSS issue in the Free plugin; no root-cause detai...
CVE-2026-57333
Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...
PT-2026-53294
Name of the Vulnerable Software and Affected Versions Link Whisper Free versions prior to 0.9.5 Description Unauthenticated Cross Site Scripting XSS allows an attacker to execute malicious scripts in the browser of a user without requiring authentication. Recommendations Update Link Whisper Free ...
BIT-DISCOURSE-2026-44783 Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in whispersallowedgroups to post in...
BIT-DISCOURSE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0...
CVE-2026-44779
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...
CVE-2026-44783
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...
CVE-2026-44783 Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...