Lucene search
K

728 matches found

NVD
NVD
added 2024/04/19 6:15 p.m.9 views

CVE-2023-47435

An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages...

9.8CVSS7AI score0.00632EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.4 views

hexo-theme-matery 安全漏洞

hexo-theme-matery is a comprehensive and beautiful Hexo theme based on material design and responsive design by the individual developers at blinkfox. A security vulnerability exists in hexo-theme-matery version v2.0.0, which originated from a vulnerability that allows an attacker to bypass...

9.8CVSS7AI score0.00632EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/19 12:0 a.m.16 views

CVE-2023-47435

An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages...

7.3AI score0.00632EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/19 12:0 a.m.7 views

PT-2024-13451 · Unknown · Hexo-Theme-Matery

Name of the Vulnerable Software and Affected Versions: hexo-theme-matery version 2.0.0 Description: The issue lies in the verifyPassword function, allowing attackers to bypass authentication and access password-protected pages. Recommendations: For hexo-theme-matery version 2.0.0, as a temporary...

9.8CVSS7.3AI score0.00632EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.22 views

Download Manager < 3.2.83 - Unauthenticated Password Protected File Bypass

Description The plugin is vulnerable to information disclosure, allowing unauthenticated attackers to bypass password protected file restrictions...

7.5CVSS6.6AI score0.00396EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.11 views

Easy Custom Auto Excerpt < 2.5.0 - Sensitive Information Exposure

Description The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...

5.3CVSS6.6AI score0.00573EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.18 views

WP Meta SEO < 4.5.13 - Unauthenticated Password Protected Content Access

Description The plugin is vulnerable to Sensitive Information Exposure via the meta description, allowing unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts...

5.3CVSS6.3AI score0.00438EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/15 11:3 a.m.4 views

WordPress Combo Blocks plugin < 2.2.76 - Unauthenticated Password Protected Posts Access vulnerability

Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Post Grid and Gutenberg Blocks versions 2.2.76...

5.4CVSS7AI score0.16906EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.18 views

Element Pack Elementor Addons < 5.6.0 - Sensitive Information Exposure via element_pack_ajax_search

Description The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the elementpackajaxsearch function. This makes it possible for...

7.5CVSS7AI score0.00492EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/11 4:15 p.m.13 views

CVE-2024-0881

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

5.4CVSS6.5AI score0.16906EPSS
Exploits2References1
OSV
OSV
added 2024/04/11 4:15 p.m.4 views

CVE-2024-0881

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

5.4CVSS5.8AI score0.16906EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/11 3:36 p.m.27 views

CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

6.8AI score0.16906EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/11 3:36 p.m.18 views

CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

6.5AI score0.16906EPSS
Exploits2References1
The Hacker News
The Hacker News
added 2024/04/11 11:32 a.m.33 views

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple...

7.2AI score
Exploits0
NVD
NVD
added 2024/04/11 8:15 a.m.20 views

CVE-2024-2966

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the elementpackajaxsearch function. This makes it possible for...

7.5CVSS5.3AI score0.00492EPSS
Exploits0References2
NVD
NVD
added 2024/04/11 5:15 a.m.15 views

CVE-2023-6257

The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...

4.3CVSS6.4AI score0.00427EPSS
Exploits2References1
OSV
OSV
added 2024/04/11 5:15 a.m.3 views

CVE-2023-6257

The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...

4.3CVSS7.3AI score0.00427EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/11 5:0 a.m.12 views

CVE-2023-6257 Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...

6.3AI score0.00427EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/04/11 12:0 a.m.8 views

PT-2024-22952 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.5.6 Description: The issue allows unauthenticated attackers to extract sensitive data, including password-protected post details, via the element pack aja...

7.5CVSS6.7AI score0.00492EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/11 12:0 a.m.3 views

WordPress plugin Combo Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

5.4CVSS6.6AI score0.16906EPSS
Exploits2References2
Rows per page
Query Builder