728 matches found
CVE-2023-1809
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files...
CVE-2023-1524
The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...
CVE-2023-1371
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them...
CVE-2022-45968
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...
CVE-2021-24635
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user such as subscriber to call them and 1 Get and search through title and content of Draft post, ...
CVE-2021-20170
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password...
CVE-2002-2369
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL...
Ticket Resale Platform TicketToCash Left 200GB of User Data Exposed
A misconfigured, non-password-protected database belonging to TicketToCash exposed data from 520,000 customers, including PII and partial financial details.…...
WordPress plugin Password Protected 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-16952 · WordPress · Password Protect
Name of the Vulnerable Software and Affected Versions: Password Protected plugin versions up to, and including, 2.7.7 Description: The issue allows unauthenticated attackers to extract sensitive data, including all protected site content, if the 'Use Transient' setting is enabled. This is possibl...
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and...
CVE-2025-1322
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...
CVE-2025-1322
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...
CVE-2025-1504
The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'plautocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-0661
The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with...
easy-rsa 加密问题漏洞
easy-rsa is a simple shell-based CA utility from the OpenVPN open source. A security vulnerability exists in easy-rsa versions 3.0.5 through 3.1.7, which stems from the fact that when creating a password-protected CA private key using the easyrsa build-ca command, Easy-RSA incorrectly uses the...
CVE-2024-12584
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
PT-2025-1900 · WordPress · The 140+ Widgets | Xpro Addons For Elementor
Name of the Vulnerable Software and Affected Versions: 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress versions up to, and including, 1.4.6.2 Description: The issue allows authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data...
CVE-2024-12335
The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...
WordPress plugin Avada Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...