Lucene search
K

728 matches found

OSV
OSV
added 2024/09/10 12:15 p.m.2 views

CVE-2024-8369

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...

5.3CVSS5.8AI score0.00349EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 12:15 p.m.21 views

CVE-2024-8369

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...

5.3CVSS0.00349EPSS
Exploits0References2
CVE
CVE
added 2024/09/10 11:30 a.m.53 views

CVE-2024-8369

CVE-2024-8369 affects the WordPress plugin EventPrime – Events Calendar, Bookings and Tickets (≤ 4.0.4.3). The vulnerability arises from missing authorization checks, allowing unauthenticated attackers to view private or password-protected events. The issue is classified with a CVSS v3.1 base sco...

5.3CVSS5.6AI score0.00349EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/10 1:24 a.m.4 views

WordPress EventPrime plugin <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability

Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability discovered by Miguel Santareno in WordPress Plugin EventPrime versions = 4.0.4.3...

5.3CVSS7AI score0.00349EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/05 7:15 a.m.7 views

CVE-2024-6835

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajaxloadposts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the...

5.3CVSS5.8AI score0.00529EPSS
Exploits0References4
CVE
CVE
added 2024/09/05 6:41 a.m.48 views

CVE-2024-6835

CVE-2024-6835 affects Ivory Search – WordPress Search Plugin, with information exposure in the ajax_load_posts path affecting all versions up to 5.5.6. Unauthenticated attackers could extract text from password-protected posts via a boolean-based attack on the AJAX search form. Public reviews/ent...

5.3CVSS5.6AI score0.00529EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/09/04 7:15 a.m.3 views

CVE-2024-8123

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

5.4CVSS5.8AI score0.00309EPSS
Exploits0References3
NVD
NVD
added 2024/09/04 7:15 a.m.13 views

CVE-2024-8123

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

5.4CVSS0.00309EPSS
Exploits0References3
CVE
CVE
added 2024/09/04 6:49 a.m.53 views

CVE-2024-8123

CVE-2024-8123 affects the WordPress plugin “The Ultimate WordPress Toolkit – WP Extended” (

5.4CVSS5.6AI score0.00309EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/09/04 6:49 a.m.21 views

CVE-2024-8123 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

5.4CVSS0.00309EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.6 views

PT-2024-37894 · WordPress · The Ivory Search

Name of the Vulnerable Software and Affected Versions: The Ivory Search – WordPress Search Plugin versions up to, and including, 5.5.6 Description: The issue allows unauthenticated attackers to extract text data from password-protected posts using a boolean-based attack on the AJAX search form...

5.3CVSS7AI score0.00529EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.7 views

PT-2024-38814 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate posts written by other authors,...

5.4CVSS7.1AI score0.00309EPSS
Exploits0References8
OSV
OSV
added 2024/08/29 1:15 p.m.7 views

CVE-2024-3679

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/29 12:31 p.m.37 views

CVE-2024-3679 Premium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...

5.3CVSS0.0041EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.5 views

WordPress plugin Premium SEO Pack – WP SEO Plugin 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin Premium S...

7.5CVSS6.1AI score0.0041EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.6 views

PT-2024-27161 · WordPress · The Premium Seo Pack – Wp Seo Plugin

Name of the Vulnerable Software and Affected Versions: The Premium SEO Pack – WP SEO Plugin plugin for WordPress versions up to, and including, 1.6.001 Description: The issue allows unauthenticated attackers to view limited information from password-protected posts through the social meta data...

7.5CVSS6.6AI score0.0041EPSS
Exploits0References8
OSV
OSV
added 2024/08/28 2:15 p.m.4 views

CVE-2024-8195

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debugdata', 'debugquery', and 'debugredirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extra...

5.3CVSS5.8AI score0.00532EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.5 views

PT-2024-38867 · WordPress · Permalink Manager Lite

Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.4 Description: The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the debug data,...

5.3CVSS6.4AI score0.00532EPSS
Exploits0References9
OSV
OSV
added 2024/08/16 3:15 a.m.8 views

CVE-2024-7630

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to...

7.5CVSS5.8AI score0.00478EPSS
Exploits0References2
CVE
CVE
added 2024/08/16 1:59 a.m.50 views

CVE-2024-7630

CVE-2024-7630 affects the WordPress plugin “Relevanssi – A Better Search” up to and including version 4.22.2. The root cause is insufficient restrictions on posts returned by relevanssi_do_query(), enabling unauthenticated attackers to expose potentially sensitive information from password-protec...

7.5CVSS5.9AI score0.00478EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder