CVE-2024-1904

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the searchposts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...

WordPress Widget Options Extended plugin <= 5.1.0 - Subscriber+ Private/Draft Post Exposure Vulnerability

Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options - Extended versions = 5.1.0...

WordPress Widget Options plugin <= 4.0.1 - Subscriber+ Private/Draft Post Exposure Vulnerability

Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...

CVE-2023-7199 Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...