728 matches found

OSV
added 2024/12/19 7:15 a.m. · 2 views

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...

CVSS 6.5 · AI score 7.3 · EPSS 0.00355
Exploits 0 · References 2
OSV
added 2024/12/19 6:15 a.m. · 6 views

CVE-2024-11768

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download...

CVSS 5.3 · AI score 5.8 · EPSS 0.00333
Exploits 0 · References 2
Positive Technologies
added 2024/12/19 12:0 a.m. · 3 views

PT-2024-17244 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.3.03 Description: The issue allows unauthorized download of password-protected content due to improper password validation on the checkFilePassword function. This makes it...

CVSS 5.3 · AI score 9.6 · EPSS 0.00333
Exploits 0 · References 8
Patchstack
added 2024/12/16 7:28 a.m. · 4 views

WordPress The Events Calendar plugin < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure vulnerability

Unauthenticated Password Protected Event Disclosure vulnerability discovered by Felipe Caon in WordPress Plugin The Events Calendar versions 6.8.2.1...

CVSS 5.3 · AI score 7 · EPSS 0.01071
Exploits 1 · References 1 · Affected Software 1
OSV
added 2024/12/16 6:15 a.m. · 9 views

CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

CVSS 5.3 · AI score 7.3 · EPSS 0.01071
Exploits 1 · References 1
Vulnrichment
added 2024/12/16 6:0 a.m. · 13 views

CVE-2024-5333 The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

AI score 6.8 · EPSS 0.01071
Exploits 1 · References 1
CVE
added 2024/12/16 6:0 a.m. · 113 views

CVE-2024-5333

The Events Calendar WordPress plugin (vendor: stellarwp) before version 6.8.2.1 has missing access checks in its REST API, allowing unauthenticated users to access information about password-protected events. The NVD/Nuclei and related sources confirm this information disclosure vector with explo...

CVSS 5.3 · AI score 6.5 · EPSS 0.01071
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2024/12/16 12:0 a.m. · 4 views

WordPress plugin The Events Calendar security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

CVSS 5.3 · AI score 8.1 · EPSS 0.01071
Exploits 1 · References 1
OSV
added 2024/12/12 7:15 a.m. · 4 views

CVE-2024-11181

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wpreusablerender' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticate...

CVSS 4.3 · AI score 7.3 · EPSS 0.00475
Exploits 0 · References 4
CNNVD
added 2024/12/12 12:0 a.m. · 2 views

WordPress plugin Greenshift security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 · AI score 8.5 · EPSS 0.00475
Exploits 0 · References 4
Positive Technologies
added 2024/11/22 12:0 a.m. · 5 views

PT-2024-39502 · WordPress · Wpdash Notes

Name of the Vulnerable Software and Affected Versions: WPDash Notes plugin for WordPress versions prior to 1.3.5 Description: The issue is related to a missing capability check on the wp ajax post it list comment function, allowing authenticated attackers with Subscriber-level access and above to...

CVSS 4.3 · AI score 9.3 · EPSS 0.00358
Exploits 0 · References 4
OSV
added 2024/11/21 11:15 a.m. · 5 views

CVE-2024-10671

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 6.5 · AI score 5.8 · EPSS 0.00506
Exploits 0 · References 2
Positive Technologies
added 2024/11/21 12:0 a.m. · 4 views

PT-2024-16442 · WordPress · The Easy Twitter Feed – Twitter Feeds Plugin For Wp

Name of the Vulnerable Software and Affected Versions: The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress version 1.2.6 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private,...

CVSS 4.3 · AI score 9.4 · EPSS 0.00435
Exploits 0 · References 5
Cvelist
added 2024/11/15 5:8 p.m. · 22 views

CVE-2024-52513 Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares

Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to...

CVSS 2.6 · EPSS 0.00513
Exploits 0 · References 4
Positive Technologies
added 2024/11/15 12:0 a.m. · 1 views

PT-2024-35352 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.11 Nextcloud Server versions prior to 29.0.8 Nextcloud Server versions prior to 30.0.1 Nextcloud Enterprise Server versions prior to 25.0.13.13 Nextcloud Enterprise Server versions prior to 26.0.13.9...

CVSS 9.8 · AI score 5.8 · EPSS 0.01041
Exploits 6 · References 92
CNNVD
added 2024/11/09 12:0 a.m. · 3 views

WordPress plugin Attesa Extra security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 8.1 · EPSS 0.00294
Exploits 0 · References 2
OSV
added 2024/10/24 9:15 a.m. · 5 views

CVE-2024-10050

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...

CVSS 4.3 · AI score 5.8 · EPSS 0.00471
Exploits 0 · References 3
Positive Technologies
added 2024/10/18 12:0 a.m. · 7 views

PT-2024-39915 · WordPress · Elementinvader Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue allows authenticated attackers with contributor-level access and above to view private, draft, and password-protected posts,...

CVSS 4.3 · AI score 6.2 · EPSS 0.00335
Exploits 0 · References 8
OSV
added 2024/10/17 4:15 a.m. · 5 views

CVE-2024-7417

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...

CVSS 4.3 · AI score 5.8 · EPSS 0.00403
Exploits 0 · References 3
OSV
added 2024/09/26 4:15 p.m. · 3 views

CVE-2024-8771

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...

CVSS 4.3 · AI score 5.8 · EPSS 0.00352
Exploits 0 · References 3