1965 matches found
CVE-2024-9540
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-9156
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries...
CVE-2024-8771
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...
CVE-2024-8195
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debugdata', 'debugquery', and 'debugredirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extra...
CVE-2024-7417
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...
CVE-2024-23674
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from...
CVE-2024-1381
The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or...
CVE-2024-12102
The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-12061
The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
CVE-2024-12472
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphrduplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2024-12067
The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'bookingitinerary' parameter of the 'wptravelgetbookingdata' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied...
CVE-2024-12140
The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it...
CVE-2024-5614
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafepostslist' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of...
CVE-2024-10787
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...
CVE-2024-10341
The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2024-12615
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-11280
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been...
CVE-2024-13216
The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/hteventsponsor.php. This makes it possible for authenticated attackers, with...
CVE-2024-13215
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2024-11089
The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been...