CVE-2024-10671

CVE-2024-10671 affects the WordPress plugin Button Block (versions up to and including 1.1.4). The issue allows authenticated attackers with Contributor-level access and above to exfiltrate data from password‑protected, private, or draft posts via the btn_block shortcode due to insufficient post‑...

CVE-2024-10782 Theme Builder For Elementor <= 1.2.2 - Authenticated (Contributor+) Post Disclosure

The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

PT-2024-16749 · WordPress · Simple Membership

Name of the Vulnerable Software and Affected Versions: The Simple Membership plugin for WordPress versions up to, and including, 4.5.5 Description: The issue allows unauthenticated attackers to extract sensitive data from restricted posts via the WordPress core search feature. This makes it...

WordPress plugin Simple Membership 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-10365

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tpcarouselanything.php,...

CVE-2024-10365 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tpcarouselanything.php,...

CVE-2024-11094

CVE-2024-11094 affects the WordPress 404 Solution plugin for WordPress, with all versions up to and including 2.35.17 exposed. The root cause is a missing authentication check in the export feature, enabling unauthenticated attackers to retrieve sensitive information such as redirects and GET par...

CVE-2024-10794 Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

PT-2024-16537 · WordPress · Buddypress Builder For Elementor – Buddybuilder

Name of the Vulnerable Software and Affected Versions: The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress versions up to, and including, 1.7.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft...

CVE-2024-10352

The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the getcontenttype function in includes/widgets/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2024-10688

The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-10693

CVE-2024-10693 affects the SKT Addons for Elementor plugin for WordPress (up to version 3.3). The issue is an Information Exposure due to insufficient restrictions in the Unfold widget, allowing authenticated users with Contributor-level access and higher to extract data from private or Elementor...

CVE-2024-10779

CVE-2024-10779 affects Cowidgets – Elementor Addons (WordPress) up to version 1.2.0. Root cause: Information Disclosure via the ce_template shortcode due to insufficient restrictions on which posts can be included. Impact: authenticated attackers with Contributor-level access (or higher) can extr...

CVE-2024-52314

A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data...

CVE-2024-52314

CVE-2024-52314 relates to data.all. Multiple connected sources describe a vulnerable scenario where a data.all admin team member with access to a customer‑owned AWS account can potentially extract user data from data.all application logs by scanning CloudWatch logs for operations interacting with...

WordPress plugin Poll Maker SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress plugin Quform 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...

WordPress plugin Countdown Timer block 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

Advanced Browser Data Extraction for Chromium and Gecko Browsers

This post-exploitation module extracts sensitive browser data from both Chromium-based and Gecko-based browsers on the target system. It supports the decryption of passwords and cookies using Windows Data Protection API DPAPI and can extract additional data such as browsing history, keyword searc...