728 matches found

CNVD
added 2025/07/04 12:0 a.m. | 2 views

FileBrowser has an unspecified vulnerability (CNVD-2025-22703)

FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a security vulnerability that stems from an improper implementation of password-protected links,...

CVSS 4.3 | AI score 6.9 | EPSS 0.00312
Exploits: 1 | References: 1
Snyk
added 2025/06/30 8:40 p.m. | 3 views

Authentication Bypass by Primary Weakness

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the password protected links process. An attacker can gain unauthorized access to files by obtaining or discovering direct...

CVSS 4.3 | AI score 6.5 | EPSS 0.00312
Exploits: 1 | References: 2
Snyk
added 2025/06/30 8:40 p.m. | 2 views

Authentication Bypass by Primary Weakness

Overview: Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the password protected links process. An attacker can gain unauthorized access to files by obtaining or discovering direct download links, which may be exposed through browser history, proxy...

CVSS 4.3 | AI score 6.6 | EPSS 0.00312
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/23 10:29 a.m. | 10 views

CVE-2024-3679

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...

CVSS 7.5 | AI score 5.9 | EPSS 0.0041
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 9:52 a.m. | 11 views

CVE-2024-7417

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...

CVSS 4.3 | AI score 6.7 | EPSS 0.00403
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 9:25 a.m. | 5 views

CVE-2024-3228

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts...

CVSS 5.3 | AI score 6.1 | EPSS 0.00411
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 9:25 a.m. | 6 views

CVE-2024-6835

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajaxloadposts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the...

CVSS 5.3 | AI score 6 | EPSS 0.00529
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 9:15 a.m. | 5 views

CVE-2024-4997

The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and page...

CVSS 5.3 | AI score 5.9 | EPSS 0.00423
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:32 a.m. | 3 views

CVE-2024-8369

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...

CVSS 5.3 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:21 a.m. | 7 views

CVE-2024-1995

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...

CVSS 4.3 | AI score 6.6 | EPSS 0.0058
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:20 a.m. | 6 views

CVE-2024-10671

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 6.5 | AI score 6 | EPSS 0.00506
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:20 a.m. | 5 views

CVE-2024-10084

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7getpostvar shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the...

CVSS 4.3 | AI score 5.5 | EPSS 0.00344
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:18 a.m. | 4 views

CVE-2024-10692

The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 4.3 | AI score 6 | EPSS 0.00288
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:18 a.m. | 4 views

CVE-2024-12103

The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eosdyngetcontent action due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 5.3 | AI score 6.2 | EPSS 0.00386
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:18 a.m. | 4 views

CVE-2024-10667

The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the csb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 4.3 | AI score 6 | EPSS 0.003
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:26 a.m. | 7 views

CVE-2024-0908

The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible...

CVSS 5.3 | AI score 5.8 | EPSS 0.00516
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:23 a.m. | 9 views

CVE-2024-2795

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...

CVSS 5.3 | AI score 6.7 | EPSS 0.00537
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 6:22 a.m. | 12 views

CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

CVSS 5.3 | AI score 6.8 | EPSS 0.01071
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 5:29 a.m. | 6 views

CVE-2023-7072

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

CVSS 7.5 | AI score 5.9 | EPSS 0.00618
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:11 a.m. | 10 views

CVE-2023-32580

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions...

CVSS 5.9 | AI score 5.6 | EPSS 0.00396
Exploits: 0 | References: 1