CVE-2024-1381

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or...

CVE-2024-12102

The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-12061

The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...

CVE-2024-12472

The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphrduplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-lev...

CVE-2024-12067

The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'bookingitinerary' parameter of the 'wptravelgetbookingdata' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied...

CVE-2024-12140

The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it...

CVE-2024-5614

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafepostslist' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of...

CVE-2024-10787

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...

CVE-2024-10341

The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2024-12615

The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2024-11280

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been...

CVE-2024-13216

The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/hteventsponsor.php. This makes it possible for authenticated attackers, with...

CVE-2024-13215

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2024-11089

The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been...

CVE-2024-12532

The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...

CVE-2024-12159

The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the printphpinformation.php being publicly accessible. This makes it possible for unauthenticated attackers to...

CVE-2024-11292

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted t...

CVE-2024-12062

The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharityelementortemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...

CVE-2024-10666

The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the etf shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from...

CVE-2024-11088

The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...