18 matches found
CVE-2025-58202 WordPress Simple Page Access Restriction Plugin <= 1.0.32 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction (simple-page-access-restriction) allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through <= 1.0.32...
WordPress plugin Simple Page Access Restriction cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Simple Page Access Restriction cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-0965
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
CVE-2024-11295 Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been...
PT-2024-16890 · WordPress · Simple Page Access Restriction
Name of the Vulnerable Software and Affected Versions: Simple Page Access Restriction plugin for WordPress versions up to 1.0.29 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as logged-in users, via the WordPres...
WordPress Simple Page Access Restriction plugin <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability
Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Page Access Restriction versions <= 1.0.29...
PT-2024-39529 · WordPress · Re:Wp
Name of the Vulnerable Software and Affected Versions: Re:WP plugin for WordPress version 1.0.1 and earlier Description: The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This makes it...
PT-2024-7833 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.8.1 through 11.1 Description: The issue is related to a reflected XSS vulnerability that may allow a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially execute...
PT-2024-5956 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
CVE-2024-0965
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
Code injection
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
CVE-2024-0965 Simple Page Access Restriction <= 1.0.21 - Improper Access Control to Sensitive Information Exposure via REST API
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
WordPress Simple Page Access Restriction Plugin <= 1.0.21 is vulnerable to Sensitive Data Exposure
Software: Simple Page Access Restriction; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.23; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-0965; Patch priority: Low; CVSS severity: Low (5.3); PSID: 09ce34b22c58; Credits: Francesco...
PT-2022-25526 · Modern Campus · Modern Campus - Omni Cms
Name of the Vulnerable Software and Affected Versions: Modern Campus Omni CMS formerly OU Campus version 10.2.4 Description: The issue allows for SQL injection via a specific substring on the login page. This can be achieved by using a substring such as ' OR 1 = 1 -- - , ?php'. Recommendations: F...
User Rights Access Manager <= 1.0.5 - Access Restriction Bypass
The plugin does not properly restrict access to pages, allowing admin users whose access has been restricted by the plugin to still access the related pages. The issue uses the same technique as https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/ PoC The PoC...
CVE-2017-3184
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the...
CVE-2008-4597
Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors...