#unauthenticated-access

[ follow ]
#ghost-cms #sql-injection #cwe-89 #cve-2026-26980 #wordpress-security #plugin-vulnerability #data-breach
fromNist
17 hours ago
Node JS

NVD

Unauthenticated attackers can read arbitrary database data in Ghost versions 3.24.0 through 6.19.0 via an SQL injection flaw, fixed in 6.19.1.
Information security
fromTechRepublic
2 months ago

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A critical vulnerability in the Ally WordPress plugin allows unauthenticated attackers to extract sensitive database data including password hashes from hundreds of thousands of affected websites.
[ Load more ]