728 matches found

RedhatCVE
added 2025/05/23 3:1 a.m., 9 views

CVE-2023-1809

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files...

CVSS 7.5 | AI score 6.7 | EPSS 0.00738
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 3:0 a.m., 6 views

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...

CVSS 6.5 | AI score 8.7 | EPSS 0.00737
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 2:59 a.m., 4 views

CVE-2023-1371

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them...

CVSS 6.5 | AI score 6.7 | EPSS 0.00654
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 12:20 a.m., 7 views

CVE-2022-45968

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...

CVSS 8.8 | AI score 6.9 | EPSS 0.00973
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:4 p.m., 8 views

CVE-2021-24635

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user such as subscriber to call them and 1 Get and search through title and content of Draft post, ...

CVSS 5.5 | AI score 6.7 | EPSS 0.00615
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 9:0 p.m., 3 views

CVE-2021-20170

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password...

CVSS 8.8 | AI score 7 | EPSS 0.005
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:39 p.m., 13 views

CVE-2002-2369

Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL...

CVSS 5 | AI score 7.1 | EPSS 0.01218
Exploits: 0 | References: 1

HackRead
added 2025/05/01 11:59 a.m., 7 views

Ticket Resale Platform TicketToCash Left 200GB of User Data Exposed

A misconfigured, non-password-protected database belonging to TicketToCash exposed data from 520,000 customers, including PII and partial financial details...

AI score 7.1
Exploits: 0

CNNVD
added 2025/04/17 12:0 a.m., 4 views

WordPress plugin Password Protected security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 | AI score 6.1 | EPSS 0.00306
Exploits: 0 | References: 3

Positive Technologies
added 2025/04/17 12:0 a.m., 5 views

PT-2025-16952 · WordPress · Password Protect

Name of the Vulnerable Software and Affected Versions: Password Protected plugin versions up to, and including, 2.7.7 Description: The issue allows unauthenticated attackers to extract sensitive data, including all protected site content, if the 'Use Transient' setting is enabled. This is possibl...

CVSS 5.3 | AI score 6.1 | EPSS 0.00306
Exploits: 0 | References: 9

The Hacker News
added 2025/03/20 3:39 p.m., 34 views

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and...

AI score 6.6
Exploits: 0

OSV
added 2025/03/08 10:15 a.m., 3 views

CVE-2025-1322

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 7.3 | EPSS 0.00417
Exploits: 0 | References: 2

NVD
added 2025/03/08 10:15 a.m., 46 views

CVE-2025-1322

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

CVSS 4.3 | EPSS 0.00417
Exploits: 0 | References: 2

OSV
added 2025/03/08 3:15 a.m., 3 views

CVE-2025-1504

The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'plautocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.5 | AI score 7.3
Exploits: 0 | References: 2

OSV
added 2025/02/13 7:15 a.m., 9 views

CVE-2025-0661

The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 2

CNNVD
added 2025/01/20 12:0 a.m., 4 views

easy-rsa encryption issue vulnerability

easy-rsa is a simple shell-based CA utility from the OpenVPN open source. A security vulnerability exists in easy-rsa versions 3.0.5 through 3.1.7, which stems from the fact that when creating a password-protected CA private key using the easyrsa build-ca command, Easy-RSA incorrectly uses the...

CVSS 5.3 | AI score 5.4 | EPSS 0.00081
Exploits: 0 | References: 2

OSV
added 2025/01/08 7:15 a.m., 5 views

CVE-2024-12584

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVSS 6.5 | AI score 7.3 | EPSS 0.00349
Exploits: 0 | References: 2

Positive Technologies
added 2025/01/08 12:0 a.m., 9 views

PT-2025-1900 · WordPress · The 140+ Widgets | Xpro Addons For Elementor

Name of the Vulnerable Software and Affected Versions: 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress versions up to, and including, 1.4.6.2 Description: The issue allows authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data...

CVSS 6.5 | AI score 7.2 | EPSS 0.00349
Exploits: 0 | References: 8

OSV
added 2024/12/25 7:15 a.m., 5 views

CVE-2024-12335

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 2

CNNVD
added 2024/12/25 12:0 a.m., 5 views

WordPress plugin Avada Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 | AI score 8.1 | EPSS 0.00359
Exploits: 0 | References: 2