Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 16:52:36 +0000 7e0f41b7-21f2-45d9-baa5-510fc4451ff3 https://vulnerability.circl.lu/sighting/7e0f41b7-21f2-45d9-baa5-510fc4451ff3/export {"uuid": "7e0f41b7-21f2-45d9-baa5-510fc4451ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligmcvmuug2h", "content": "", "creation_timestamp": "2025-02-18T06:15:37.601906Z"} {"uuid": "7e0f41b7-21f2-45d9-baa5-510fc4451ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligmcvmuug2h", "content": "", "creation_timestamp": "2025-02-18T06:15:37.601906Z"} https://vulnerability.circl.lu/sighting/7e0f41b7-21f2-45d9-baa5-510fc4451ff3/export Tue, 18 Feb 2025 06:15:37 +0000 87fca615-1ed1-4baf-8638-e83f02a60d62 https://vulnerability.circl.lu/sighting/87fca615-1ed1-4baf-8638-e83f02a60d62/export {"uuid": "87fca615-1ed1-4baf-8638-e83f02a60d62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4753", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13438\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsize_clear_css_cache_action' function. This makes it possible for unauthenticated attackers to clear the plugins cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-18T05:22:26.550Z\n\ud83d\udccf Modified: 2025-02-18T05:22:26.550Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1404c675-49b3-48a5-8aac-826c58755b8e?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3236368%40speedsize-ai-image-optimizer&new=3236368%40speedsize-ai-image-optimizer&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-18T08:00:37.000000Z"} {"uuid": "87fca615-1ed1-4baf-8638-e83f02a60d62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4753", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13438\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsize_clear_css_cache_action' function. This makes it possible for unauthenticated attackers to clear the plugins cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-18T05:22:26.550Z\n\ud83d\udccf Modified: 2025-02-18T05:22:26.550Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1404c675-49b3-48a5-8aac-826c58755b8e?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3236368%40speedsize-ai-image-optimizer&new=3236368%40speedsize-ai-image-optimizer&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-18T08:00:37.000000Z"} https://vulnerability.circl.lu/sighting/87fca615-1ed1-4baf-8638-e83f02a60d62/export Tue, 18 Feb 2025 08:00:37 +0000 73bb26f8-0ba8-4034-9c02-6d8be5ed58c6 https://vulnerability.circl.lu/sighting/73bb26f8-0ba8-4034-9c02-6d8be5ed58c6/export {"uuid": "73bb26f8-0ba8-4034-9c02-6d8be5ed58c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "seen", "source": "https://t.me/cvedetector/18278", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13438 - \"SpeedSize WordPress Plugin CSRF Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-13438 \nPublished : Feb. 18, 2025, 6:15 a.m. | 1\u00a0hour, 15\u00a0minutes ago \nDescription : The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsize_clear_css_cache_action' function. This makes it possible for unauthenticated attackers to clear the plugins cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T09:16:48.000000Z"} {"uuid": "73bb26f8-0ba8-4034-9c02-6d8be5ed58c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "seen", "source": "https://t.me/cvedetector/18278", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13438 - \"SpeedSize WordPress Plugin CSRF Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-13438 \nPublished : Feb. 18, 2025, 6:15 a.m. | 1\u00a0hour, 15\u00a0minutes ago \nDescription : The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsize_clear_css_cache_action' function. This makes it possible for unauthenticated attackers to clear the plugins cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T09:16:48.000000Z"} https://vulnerability.circl.lu/sighting/73bb26f8-0ba8-4034-9c02-6d8be5ed58c6/export Tue, 18 Feb 2025 09:16:48 +0000 4e68e6d2-171d-47ca-ac43-69e8a70ded8b https://vulnerability.circl.lu/sighting/4e68e6d2-171d-47ca-ac43-69e8a70ded8b/export {"uuid": "4e68e6d2-171d-47ca-ac43-69e8a70ded8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ligxjwvvu72a", "content": "", "creation_timestamp": "2025-02-18T09:36:25.541343Z"} {"uuid": "4e68e6d2-171d-47ca-ac43-69e8a70ded8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ligxjwvvu72a", "content": "", "creation_timestamp": "2025-02-18T09:36:25.541343Z"} https://vulnerability.circl.lu/sighting/4e68e6d2-171d-47ca-ac43-69e8a70ded8b/export Tue, 18 Feb 2025 09:36:25 +0000 86e5dd7b-d8cd-4447-bdf5-3d551f22781b https://vulnerability.circl.lu/sighting/86e5dd7b-d8cd-4447-bdf5-3d551f22781b/export {"uuid": "86e5dd7b-d8cd-4447-bdf5-3d551f22781b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "seen", "source": "Telegram/Rht8IwyMcWoURy3dRaUtUj1u7ZA0X_bsNwd8_SBs8vmpYGIX", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"} {"uuid": "86e5dd7b-d8cd-4447-bdf5-3d551f22781b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13438", "type": "seen", "source": "Telegram/Rht8IwyMcWoURy3dRaUtUj1u7ZA0X_bsNwd8_SBs8vmpYGIX", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"} https://vulnerability.circl.lu/sighting/86e5dd7b-d8cd-4447-bdf5-3d551f22781b/export Tue, 18 Feb 2025 11:39:00 +0000 5e7f6269-fc3f-47f4-ac77-685959948e66 https://vulnerability.circl.lu/sighting/5e7f6269-fc3f-47f4-ac77-685959948e66/export {"uuid": "5e7f6269-fc3f-47f4-ac77-685959948e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13439", "type": "seen", "source": "Telegram/2DEtsJwuz9F6K8ZqQ1-7qkpu6ceUAHyx0J6wRgc2mL0W7Dzj", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"} {"uuid": "5e7f6269-fc3f-47f4-ac77-685959948e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13439", "type": "seen", "source": "Telegram/2DEtsJwuz9F6K8ZqQ1-7qkpu6ceUAHyx0J6wRgc2mL0W7Dzj", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"} https://vulnerability.circl.lu/sighting/5e7f6269-fc3f-47f4-ac77-685959948e66/export Mon, 24 Feb 2025 14:08:42 +0000 6bcd7770-9b53-441f-b282-cf0d6091709f https://vulnerability.circl.lu/sighting/6bcd7770-9b53-441f-b282-cf0d6091709f/export {"uuid": "6bcd7770-9b53-441f-b282-cf0d6091709f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13431", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6807", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13431\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-07T08:21:28.499Z\n\ud83d\udccf Modified: 2025-03-07T08:21:28.499Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4?source=cve\n2. https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php#L182\n3. https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php#L189\n4. https://plugins.trac.wordpress.org/changeset/3246760/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php", "creation_timestamp": "2025-03-07T08:34:50.000000Z"} {"uuid": "6bcd7770-9b53-441f-b282-cf0d6091709f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13431", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6807", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13431\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-07T08:21:28.499Z\n\ud83d\udccf Modified: 2025-03-07T08:21:28.499Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4?source=cve\n2. https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php#L182\n3. https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php#L189\n4. https://plugins.trac.wordpress.org/changeset/3246760/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php", "creation_timestamp": "2025-03-07T08:34:50.000000Z"} https://vulnerability.circl.lu/sighting/6bcd7770-9b53-441f-b282-cf0d6091709f/export Fri, 07 Mar 2025 08:34:50 +0000 3c741af2-bcd4-4d4c-a9a9-359587d52e81 https://vulnerability.circl.lu/sighting/3c741af2-bcd4-4d4c-a9a9-359587d52e81/export {"uuid": "3c741af2-bcd4-4d4c-a9a9-359587d52e81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13436", "type": "seen", "source": "https://t.me/cvedetector/20033", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13436 - Appsero Helper WordPress CSRF\", \n \"Content\": \"CVE ID : CVE-2024-13436 \nPublished : March 11, 2025, 4:15 a.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T07:35:36.000000Z"} {"uuid": "3c741af2-bcd4-4d4c-a9a9-359587d52e81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13436", "type": "seen", "source": "https://t.me/cvedetector/20033", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13436 - Appsero Helper WordPress CSRF\", \n \"Content\": \"CVE ID : CVE-2024-13436 \nPublished : March 11, 2025, 4:15 a.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T07:35:36.000000Z"} https://vulnerability.circl.lu/sighting/3c741af2-bcd4-4d4c-a9a9-359587d52e81/export Tue, 11 Mar 2025 07:35:36 +0000 7e18789a-84a1-44d4-b594-a46f5fc1e1c1 https://vulnerability.circl.lu/sighting/7e18789a-84a1-44d4-b594-a46f5fc1e1c1/export {"uuid": "7e18789a-84a1-44d4-b594-a46f5fc1e1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13436", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk3lxsxpat2m", "content": "", "creation_timestamp": "2025-03-11T08:00:31.735094Z"} {"uuid": "7e18789a-84a1-44d4-b594-a46f5fc1e1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13436", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk3lxsxpat2m", "content": "", "creation_timestamp": "2025-03-11T08:00:31.735094Z"} https://vulnerability.circl.lu/sighting/7e18789a-84a1-44d4-b594-a46f5fc1e1c1/export Tue, 11 Mar 2025 08:00:31 +0000 ca74766c-a20e-4d01-a626-286e610f481f https://vulnerability.circl.lu/sighting/ca74766c-a20e-4d01-a626-286e610f481f/export {"uuid": "ca74766c-a20e-4d01-a626-286e610f481f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13430", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7292", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13430\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.\n\ud83d\udccf Published: 2025-03-12T08:21:37.013Z\n\ud83d\udccf Modified: 2025-03-12T08:21:37.013Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1de8da4c-dee7-4d59-a475-a969008aa0d4?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3252081/pagelayer", "creation_timestamp": "2025-03-12T08:50:00.000000Z"} {"uuid": "ca74766c-a20e-4d01-a626-286e610f481f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13430", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7292", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13430\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.\n\ud83d\udccf Published: 2025-03-12T08:21:37.013Z\n\ud83d\udccf Modified: 2025-03-12T08:21:37.013Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1de8da4c-dee7-4d59-a475-a969008aa0d4?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3252081/pagelayer", "creation_timestamp": "2025-03-12T08:50:00.000000Z"} https://vulnerability.circl.lu/sighting/ca74766c-a20e-4d01-a626-286e610f481f/export Wed, 12 Mar 2025 08:50:00 +0000