Lucene search
K

287 matches found

EUVD
EUVD
added 2022/08/15 8:38 a.m.5 views

EUVD-2022-34789

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3CVSS7AI score0.01464EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.4 views

WordPress plugin SearchWP Live Ajax Search 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS5.8AI score0.01464EPSS
Exploits2References2
OSV
OSV
added 2022/04/11 3:15 p.m.7 views

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages including private and draft into an arbitrary CSV file, which the attacker can then download and retrieve the list of...

6.5CVSS5.9AI score0.00635EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.6 views

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages including private and draft into an arbitrary CSV file, which the attacker can then download and retrieve the list of...

6.5CVSS6.8AI score0.00635EPSS
Exploits1References2
CNVD
CNVD
added 2022/03/11 12:0 a.m.17 views

WordPress Document Embedder plugin information leakage vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...

5CVSS1.8AI score0.01327EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/02/01 1:15 p.m.3 views

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

4.3CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2022/02/01 1:15 p.m.29 views

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5.3CVSS0.01327EPSS
Exploits2References1
NVD
NVD
added 2022/02/01 1:15 p.m.27 views

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

4.3CVSS0.00891EPSS
Exploits2References1
OSV
OSV
added 2022/02/01 1:15 p.m.5 views

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5.3CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2022/02/01 1:15 p.m.18 views

Design/Logic Flaw

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5CVSS5.4AI score0.01327EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.7 views

WordPress 安全漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...

5.3CVSS5.8AI score0.01327EPSS
Exploits2References2
NVD
NVD
added 2022/01/24 8:15 a.m.29 views

CVE-2021-24733

The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally...

4.3CVSS0.00783EPSS
Exploits2References1
OSV
OSV
added 2022/01/10 4:15 p.m.4 views

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...

7.5CVSS5.8AI score0.01815EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/01/03 12:0 a.m.20 views

Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. PoC https://example.com/wp-json/doc/v1/single/509 509 being the ID of a private/draft Post...

5.3CVSS1.5AI score0.01327EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/27 12:0 a.m.24 views

WP Post Page Clone < 1.2 - Unauthorised Post Access

The plugin allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. PoC Go to All Posts, find the post to clone, click "Click to Clone" then edit the cloned post to see its content...

4.3CVSS3.2AI score0.00783EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/12/13 12:0 a.m.268 views

The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure

The plugin does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts The following request allow an unauthenticated user to get the draft posts the nonce can be retriev...

7.5CVSS1.2AI score0.01815EPSS
Exploits2References1
Veracode
Veracode
added 2019/10/18 8:25 a.m.36 views

Unauthenticated Access To Restricted Resources

wordpress allows unauthenticated access to restricted resources. This vulnerability could allow unauthenticated users to view private or draft posts that would otherwise be restricted...

5.3CVSS5.3AI score0.36503EPSS
Exploits2References9Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.76 views

WordPress 2.3.1 Unauthorized Post Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26885/info WordPress is prone to a vulnerability that lets unauthorized users read draft posts before they have been published. This issue affects WordPress 2.3.1; other versions may also be affected. NOTE: This BID is...

7.1AI score
Exploits0
OSV
OSV
added 2012/07/22 5:55 p.m.3 views

DEBIAN-CVE-2012-3385

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors...

5CVSS6.6AI score0.01902EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2012/07/22 5:0 p.m.30 views

CVE-2012-3385

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors...

5CVSS5.1AI score0.01902EPSS
Exploits0
Rows per page
Query Builder