
728 matches found

Positive Technologies
added 2024/08/15 12:0 a.m. · 6 views

PT-2024-38465 · WordPress · Relevanssi

Name of the Vulnerable Software and Affected Versions: The Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.22.2 Description: The issue allows unauthenticated attackers to extract potentially sensitive information from password protected posts due to insufficient...

CVSS 7.5 · AI score 6.9 · EPSS 0.00478
Exploits: 0 · References: 8

Cvelist
added 2024/07/27 1:51 a.m. · 24 views

CVE-2024-1798 Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including privat...

CVSS 5.3 · EPSS 0.00411
Exploits: 0 · References: 3

OSV
added 2024/07/09 9:15 a.m. · 5 views

CVE-2024-3228

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts...

CVSS 5.3 · AI score 5.8 · EPSS 0.00411
Exploits: 0 · References: 2

Cvelist
added 2024/07/09 8:33 a.m. · 32 views

CVE-2024-3228 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts...

CVSS 5.3 · EPSS 0.00411
Exploits: 0 · References: 2

Vulnrichment
added 2024/07/09 8:33 a.m. · 13 views

CVE-2024-3228 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts...

CVSS 5.3 · AI score 6.9 · EPSS 0.00411
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/28 6:57 a.m. · 25 views

CVE-2024-2795 SEO SIMPLE PACK <= 3.2.1 - Information Exposure

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...

CVSS 5.3 · AI score 7 · EPSS 0.00537
Exploits: 0 · References: 3

CVE
added 2024/06/28 6:57 a.m. · 61 views

CVE-2024-2795

CVE-2024-2795 pertains to the SEO SIMPLE PACK WordPress plugin and describes an Information Exposure vulnerability in all versions up to 3.2.1. According to connected sources, the issue arises via the META description, allowing unauthenticated attackers to extract limited information about passwo...

CVSS 5.3 · AI score 5.6 · EPSS 0.00537
Exploits: 0 · References: 3

Trellix
added 2024/06/17 12:0 a.m. · 10 views

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

By Ale Houspanossian · June 17, 2024. Case Summary: It was a quiet Monday morning in March 2024 when the EDR researchers with our Trellix Advanced Research Center identifi...

AI score 7.9
Exploits: 0

OSV
added 2024/06/14 6:15 a.m. · 4 views

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

CVSS 6.5 · AI score 5.8 · EPSS 0.00464
Exploits: 2 · References: 1

NVD
added 2024/06/13 6:15 a.m. · 31 views

CVE-2024-2098

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected fil...

CVSS 7.5 · EPSS 0.00454
Exploits: 0 · References: 2

OSV
added 2024/06/13 6:15 a.m. · 6 views

CVE-2024-2098

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected fil...

CVSS 7.5 · AI score 5.8 · EPSS 0.00454
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/13 5:34 a.m. · 16 views

CVE-2024-2098 Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected fil...

CVSS 7.5 · AI score 6.8 · EPSS 0.00454
Exploits: 0 · References: 2

CVE
added 2024/06/13 5:34 a.m. · 71 views

CVE-2024-2098

CVE-2024-2098 affects the WordPress Download Manager plugin. The flaw is an improper authorization check in protectMediaLibrary, impacting all versions up to and including 3.2.89 and enables unauthenticated attackers to download password‑protected files. A fixed release exists (3.2.90) per Patchs...

CVSS 7.5 · AI score 7.5 · EPSS 0.00454
Exploits: 0 · References: 2 · Affected Software: 1

ATTACKERKB
added 2024/06/06 4:15 a.m. · 3 views

CVE-2024-5615

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraph_default_description' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...

CVSS 5.3 · AI score 5.9 · EPSS 0.00452
Exploits: 0 · References: 4

NVD
added 2024/06/06 4:15 a.m. · 17 views

CVE-2024-5615

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraph_default_description' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...

CVSS 5.3 · AI score 5 · EPSS 0.00452
Exploits: 0 · References: 3

CVE
added 2024/06/06 3:32 a.m. · 66 views

CVE-2024-5615

The CVE-2024-5615 entry concerns the WordPress Open Graph plugin vulnerability allowing Sensitive Information Exposure via opengraph_default_description in versions up to 1.11.2. Connected Red Hat entry repeats this description; no additional technical details (e.g., patch version or concrete exp...

CVSS 5.3 · AI score 5.4 · EPSS 0.00452
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/06/04 9:29 a.m. · 37 views

CVE-2023-46630 WordPress Admin and Site Enhancements (ASE) plugin <= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability

Improper Authentication vulnerability in wpase Admin and Site Enhancements ASE allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Admin and Site Enhancements ASE: from n/a through 5.7.1...

CVSS 7.5 · AI score 7.6 · EPSS 0.00447
Exploits: 0 · References: 1

Vulnrichment
added 2024/06/04 9:29 a.m. · 26 views

CVE-2023-46630 WordPress Admin and Site Enhancements (ASE) plugin <= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability

Improper Authentication vulnerability in wpase Admin and Site Enhancements ASE allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Admin and Site Enhancements ASE: from n/a through 5.7.1...

CVSS 7.5 · AI score 7 · EPSS 0.00447
Exploits: 0 · References: 1

WPVulnDB
added 2024/06/03 12:0 a.m. · 12 views

WPUpper Share Buttons <= 3.43 - Missing Authorization

Description: The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected...

CVSS 5.3 · AI score 6.8 · EPSS 0.00423
Exploits: 0 · References: 1

CVE
added 2024/05/23 5:32 a.m. · 77 views

CVE-2024-3626

CVE-2024-3626: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin has a Missing Authorization flaw in get_template_content that allows authenticated users with subscriber access and above to read private and password‑protected po...

CVSS 4.3 · AI score 4.6 · EPSS 0.00369
Exploits: 0 · References: 4