342 matches found
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
CVE-2024-37115
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37424
Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37241
Cross-Site Request Forgery CSRF vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0...
CVE-2024-37241 WordPress WP Job Manager Resume Manager plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0...
CVE-2024-37242
Cross-Site Request Forgery CSRF vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through = 2.13.2...
CVE-2024-37242 WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through = 2.13.2...
CVE-2024-37242
CVE-2024-37242 is a Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters, affecting version range n/a through 2.13.2. The connected records confirm the issue as a CSRF flaw in the WordPress plugin and reference public disclosures; no exploitation details or official ...
CVE-2024-43338
Cross-Site Request Forgery CSRF vulnerability in Automattic Crowdsignal Dashboard – Polls, Surveys & more polldaddy allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through = 3.1.3...
CVE-2024-43338
CVE-2024-43338 is a CSRF vulnerability in Crowdsignal Dashboard – Polls, Surveys & more (WordPress plugin Crowdsignal) affecting versions up to and including 3.1.2. The issue permits Cross Site Request Forgery with CVSS v3.1 base score 4.3 (Medium). Connected Patchstack entries classify the vulne...
CVE-2024-43968
Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6...
CVE-2024-37477
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5...
CVE-2024-37475
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2...
CVE-2024-37423
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Automattic Newspack Blocks allows Path Traversal.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37423 WordPress Newspack Blocks plugin <= 3.0.8 - Contributor+ Arbitrary Directory Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Automattic Newspack Blocks allows Path Traversal.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37425 WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37423
CVE-2024-37423 pertains to WordPress Automattic Newspack Blocks (
CVE-2024-37425
CVE-2024-37425 corresponds to a Missing Authorization vulnerability in Automattic Newspack Blocks (WordPress plugin) up to version 3.0.8. Connected sources describe an Authenticated (Contributor+) scenario involving broken/incorrect access control security levels and note that the vulnerability i...
CVE-2024-37443
CVE-2024-37443 corresponds to a Missing Authorization vulnerability in the WP Job Manager - Resume Manager plugin (affected: WP Job Manager - Resume Manager,
CVE-2024-37475 WordPress Newspack Newsletters plugin <= 2.13.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2...