Lucene search
K

728 matches found

Cvelist
Cvelist
added 2025/09/11 6:0 a.m.9 views

CVE-2025-9034 Wp Edit Password Protected < 1.3.5 - Open Redirect

The Wp Edit Password Protected WordPress plugin before 1.3.5 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

0.00203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.4 views

PT-2025-37118

Name of the Vulnerable Software and Affected Versions: Wp Edit Password Protected WordPress plugin versions prior to 1.3.5 Description: The Wp Edit Password Protected WordPress plugin does not validate a parameter before redirecting the user to its value, resulting in an Open Redirect issue...

6.1CVSS6.3AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.3 views

WordPress plugin Wp Edit Password Protected security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1CVSS5.8AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/08 2:9 a.m.12 views

CVE-2025-7368

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...

5.3CVSS6.3AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2025/09/06 1:45 a.m.21 views

CVE-2025-7368

CVE-2025-7368 — REHub WordPress Theme: Unauthenticated information exposure in REHub up to version 19.9.7 due to insufficient restrictions in the ajax_action_re_getfullcontent path, allowing access to password-protected post data. Affected: REHub Theme for WordPress (versions ≤ 19.9.7). Root caus...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/06 1:45 a.m.5 views

CVE-2025-7368 Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/06 1:45 a.m.30 views

CVE-2025-7368 Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...

5.3CVSS0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/06 12:0 a.m.7 views

PT-2025-36348

Name of the Vulnerable Software and Affected Versions: REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme versions prior to 19.9.8 Description: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme for WordPress is susceptible to information exposure due to...

5.3CVSS6.1AI score0.00255EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/09/05 11:49 p.m.7 views

WordPress Rehub theme <= 19.9.7 - Unauthenticated Password Protected Post Disclosure vulnerability

Unauthenticated Password Protected Post Disclosure vulnerability discovered by stealthcopter in WordPress Theme Rehub versions = 19.9.7...

5.3CVSS7AI score0.00255EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/27 5:19 p.m.4 views

DRUPAL-CONTRIB-2025-101

This module enables you to protect individual pages with a password. The module doesn't limit the number of password attempts, making it vulnerable to brute force attacks. This vulnerability is mitigated by the fact that an attacker must know the protected page's URL. CVSS risk score experimental...

6.5CVSS6.9AI score0.00355EPSS
Exploits0References1
NVD
NVD
added 2025/08/27 2:15 p.m.3 views

CVE-2025-56694

Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...

5.8CVSS0.00363EPSS
Exploits1References3
OSV
OSV
added 2025/08/27 2:15 p.m.4 views

CVE-2025-56694

Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...

5.8CVSS5.8AI score0.00363EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/27 12:0 a.m.7 views

CVE-2025-56694

Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...

0.00363EPSS
Exploits1References3
CVE
CVE
added 2025/08/27 12:0 a.m.19 views

CVE-2025-56694

The CVE-2025-56694 affects lumasoft fotoShare Cloud (version 2025-03-13). The vulnerability is a client-side password validation issue (CWE-602) that could allow unauthenticated attackers to view password-protected photo albums. Root cause appears to be improper client-side validation. CVSS v3.1 ...

5.8CVSS6.8AI score0.00363EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/16 7:25 a.m.2 views

CVE-2025-7499 BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getresponse function in all versions up ...

5.3CVSS7AI score0.00275EPSS
Exploits0References3
NVD
NVD
added 2025/08/15 9:15 a.m.21 views

CVE-2025-8091

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

4.3CVSS0.00377EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/08/15 8:25 a.m.30 views

CVE-2025-8091 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

4.3CVSS0.00377EPSS
Exploits0References7
NVD
NVD
added 2025/08/14 9:15 a.m.6 views

CVE-2025-5998

The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API...

6.5CVSS0.0029EPSS
Exploits1References1
OSV
OSV
added 2025/07/04 10:15 a.m.5 views

CVE-2025-5920

The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...

7.5CVSS5.8AI score0.0038EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.3 views

WordPress plugin Sharable Password Protected Posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Sharable Password Protected Posts, which stems from the REST API exposing a key that can be exploited by an...

7.5CVSS6.3AI score0.0038EPSS
Exploits1References2
Rows per page
Query Builder