Lucene search
K

285 matches found

Prion
Prion
added 2024/03/12 11:15 p.m.12 views

Default credentials

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

5CVSS7.2AI score0.00618EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.5 views

PT-2024-15200 · WordPress · The Post Grid Combo – 36+ Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress versions up to, and including, 2.2.68 Description: The issue allows unauthenticated attackers to extract sensitive data, including full draft posts and password-protected posts, ...

7.5CVSS9.8AI score0.00618EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 10:52 a.m.12 views

BIT-GHOST-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

5.7CVSS5.5AI score0.0063EPSS
Exploits0References4
OSV
OSV
added 2024/02/12 4:15 p.m.4 views

CVE-2024-0421

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts...

5.3CVSS5.9AI score0.00568EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/02/12 4:5 p.m.15 views

CVE-2024-0421 MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts...

5.4AI score0.00568EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.13 views

PT-2024-15544 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.88.16 Description: The issue affects the MapPress Maps for WordPress plugin, allowing unauthenticated users to read arbitrary private and draft posts due to an Insecure Direct Object Reference...

5.3CVSS7.4AI score0.00568EPSS
Exploits2References7
CNNVD
CNNVD
added 2024/02/12 12:0 a.m.10 views

WordPress Plugin MapPress Maps Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...

5.3CVSS6.7AI score0.00568EPSS
Exploits2References2
OSV
OSV
added 2024/02/10 7:15 a.m.4 views

CVE-2024-0596

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editorhtml function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...

5.3CVSS7.3AI score0.004EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.6 views

PT-2024-15006 · WordPress · The Events Calendar

Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions up to, and including, 6.2.8.2 Description: The issue allows unauthenticated attackers to extract potentially sensitive data, including post titles and IDs of pending, private, and draft posts,...

5.3CVSS9.7AI score0.00562EPSS
Exploits0References7
OSV
OSV
added 2024/01/29 3:15 p.m.4 views

CVE-2023-7199

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...

5.3CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2024/01/29 3:15 p.m.24 views

CVE-2023-7199

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...

5.3CVSS5.2AI score0.00616EPSS
Exploits2References2
OSV
OSV
added 2024/01/16 4:15 p.m.4 views

CVE-2023-5922

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...

7.5CVSS5.9AI score0.0071EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

The Events Calendar < 6.2.9 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wpajaxnoprivtribedropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and I...

5.3CVSS6.4AI score0.00562EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/11 9:15 a.m.5 views

CVE-2023-6582

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...

5.3CVSS5.8AI score0.00521EPSS
Exploits0References4
OSV
OSV
added 2023/12/18 8:15 p.m.5 views

CVE-2023-6077

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protect...

6.5CVSS5.9AI score0.00665EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/06 12:0 a.m.147 views

Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read

Description The plugin does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content WooCommerce needs to be...

7.5CVSS7.1AI score0.0071EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2023/10/09 10:40 a.m.14 views

CVE-2023-5331 File Information Leak via IDOR in file_id in Draft Posts

Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information...

4.3CVSS6.7AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/09 12:0 a.m.6 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from a failure to properly check the creator of an attachment when adding it to a draft post, which could lead to information disclosure...

5.3CVSS6.4AI score0.00319EPSS
Exploits0References2
NVD
NVD
added 2023/05/02 8:15 a.m.16 views

CVE-2023-1911

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...

4.3CVSS4.4AI score0.0055EPSS
Exploits2References1
OSV
OSV
added 2023/05/02 8:15 a.m.5 views

CVE-2023-1911

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...

4.3CVSS6.6AI score0.0055EPSS
Exploits2References1
Rows per page
Query Builder