
1965 matches found

RedhatCVE
added 2025/05/23 10:45 a.m. | 6 views

CVE-2024-9540

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 | AI score 6.5 | EPSS 0.0039
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:42 a.m. | 17 views

CVE-2024-9156

The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries...

CVSS 7.5 | AI score 7.5 | EPSS 0.00391
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:36 a.m. | 5 views

CVE-2024-8771

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...

CVSS 4.3 | AI score 6.5 | EPSS 0.00361
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:27 a.m. | 8 views

CVE-2024-8195

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debugdata', 'debugquery', and 'debugredirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extra...

CVSS 5.3 | AI score 6.6 | EPSS 0.00532
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:52 a.m. | 12 views

CVE-2024-7417

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...

CVSS 4.3 | AI score 6.7 | EPSS 0.00403
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:42 a.m. | 4 views

CVE-2024-23674

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...

CVSS 9.6 | AI score 7 | EPSS 0.0073
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:41 a.m. | 9 views

CVE-2024-1381

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or...

CVSS 6.5 | AI score 6.4 | EPSS 0.00491
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:28 a.m. | 5 views

CVE-2024-12102

The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 4.3 | AI score 6.5 | EPSS 0.00299
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:27 a.m. | 8 views

CVE-2024-12061

The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...

CVSS 4.3 | AI score 6.5 | EPSS 0.00367
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:26 a.m. | 7 views

CVE-2024-12472

The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphrduplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-lev...

CVSS 4.3 | AI score 7.2 | EPSS 0.00298
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:26 a.m. | 5 views

CVE-2024-12067

The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'bookingitinerary' parameter of the 'wptravelgetbookingdata' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied...

CVSS 6.5 | AI score 7.3 | EPSS 0.00451
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:26 a.m. | 4 views

CVE-2024-12140

The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it...

CVSS 4.3 | AI score 6.5 | EPSS 0.00434
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:27 a.m. | 4 views

CVE-2024-5614

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafepostslist' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of...

CVSS 5.3 | AI score 6.7 | EPSS 0.00439
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:21 a.m. | 6 views

CVE-2024-10787

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...

CVSS 4.3 | AI score 6.5 | EPSS 0.0031
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:19 a.m. | 6 views

CVE-2024-10341

The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 6.5 | AI score 6.6 | EPSS 0.00433
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:15 a.m. | 4 views

CVE-2024-12615

The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 6.5 | AI score 6.6 | EPSS 0.00472
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:50 a.m. | 6 views

CVE-2024-11280

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been...

CVSS 5.3 | AI score 6.8 | EPSS 0.00402
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:35 a.m. | 4 views

CVE-2024-13216

The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/hteventsponsor.php. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 4.3 | EPSS 0.00306
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:5 a.m. | 8 views

CVE-2024-13215

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level acce...

CVSS 4.3 | AI score 4.3 | EPSS 0.00503
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:2 a.m. | 8 views

CVE-2024-11089

The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been...

CVSS 5.3 | AI score 6.8 | EPSS 0.00552
Exploits: 0 | References: 1