Lucene search
K

1964 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.4 views

CVE-2024-12159

The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the printphpinformation.php being publicly accessible. This makes it possible for unauthenticated attackers to...

5.3CVSS6.7AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:48 a.m.5 views

CVE-2024-11292

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted t...

5.3CVSS6.8AI score0.0044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:47 a.m.9 views

CVE-2024-12062

The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharityelementortemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...

4.3CVSS7.2AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.5 views

CVE-2024-10666

The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the etf shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from...

4.3CVSS6.7AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.8 views

CVE-2024-11088

The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

7.5CVSS6.8AI score0.00619EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:31 a.m.5 views

CVE-2024-10778

The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticat...

4.3CVSS6.5AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:28 a.m.6 views

CVE-2024-10695

The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS6.5AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:21 a.m.5 views

CVE-2024-10690

The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:18 a.m.7 views

CVE-2024-10356

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

4.3CVSS6.5AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:30 a.m.8 views

CVE-2023-41047

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...

6.5CVSS8AI score0.00568EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.6 views

CVE-2023-27254

Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:47 a.m.11 views

CVE-2023-4723

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajaxeaepostdata function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of wit...

5.3CVSS6.8AI score0.00927EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.8 views

CVE-2023-26583

Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.7 views

CVE-2023-26581

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.6 views

CVE-2023-26572

Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.8 views

CVE-2023-26569

Unauthenticated SQL injection in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.5 views

CVE-2023-26582

Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:38 a.m.8 views

CVE-2023-26568

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:38 a.m.7 views

CVE-2023-26584

Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:31 a.m.10 views

CVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS7.2AI score0.00797EPSS
Exploits1References1
Rows per page
Query Builder