728 matches found
CVE-2025-9034 Wp Edit Password Protected < 1.3.5 - Open Redirect
The Wp Edit Password Protected WordPress plugin before 1.3.5 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
PT-2025-37118
Name of the Vulnerable Software and Affected Versions: Wp Edit Password Protected WordPress plugin versions prior to 1.3.5 Description: The Wp Edit Password Protected WordPress plugin does not validate a parameter before redirecting the user to its value, resulting in an Open Redirect issue...
WordPress plugin Wp Edit Password Protected security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2025-7368
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...
CVE-2025-7368
CVE-2025-7368 — REHub WordPress Theme: Unauthenticated information exposure in REHub up to version 19.9.7 due to insufficient restrictions in the ajax_action_re_getfullcontent path, allowing access to password-protected post data. Affected: REHub Theme for WordPress (versions ≤ 19.9.7). Root caus...
CVE-2025-7368 Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...
CVE-2025-7368 Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...
PT-2025-36348
Name of the Vulnerable Software and Affected Versions: REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme versions prior to 19.9.8 Description: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme for WordPress is susceptible to information exposure due to...
WordPress Rehub theme <= 19.9.7 - Unauthenticated Password Protected Post Disclosure vulnerability
Unauthenticated Password Protected Post Disclosure vulnerability discovered by stealthcopter in WordPress Theme Rehub versions = 19.9.7...
DRUPAL-CONTRIB-2025-101
This module enables you to protect individual pages with a password. The module doesn't limit the number of password attempts, making it vulnerable to brute force attacks. This vulnerability is mitigated by the fact that an attacker must know the protected page's URL. CVSS risk score experimental...
CVE-2025-56694
Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...
CVE-2025-56694
Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...
CVE-2025-56694
Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...
CVE-2025-56694
The CVE-2025-56694 affects lumasoft fotoShare Cloud (version 2025-03-13). The vulnerability is a client-side password validation issue (CWE-602) that could allow unauthenticated attackers to view password-protected photo albums. Root cause appears to be improper client-side validation. CVSS v3.1 ...
CVE-2025-7499 BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure
The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getresponse function in all versions up ...
CVE-2025-8091
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...
CVE-2025-8091 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...
CVE-2025-5998
The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API...
CVE-2025-5920
The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...
WordPress plugin Sharable Password Protected Posts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Sharable Password Protected Posts, which stems from the REST API exposing a key that can be exploited by an...