728 matches found
CVE-2023-47435
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages...
hexo-theme-matery 安全漏洞
hexo-theme-matery is a comprehensive and beautiful Hexo theme based on material design and responsive design by the individual developers at blinkfox. A security vulnerability exists in hexo-theme-matery version v2.0.0, which originated from a vulnerability that allows an attacker to bypass...
CVE-2023-47435
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages...
PT-2024-13451 · Unknown · Hexo-Theme-Matery
Name of the Vulnerable Software and Affected Versions: hexo-theme-matery version 2.0.0 Description: The issue lies in the verifyPassword function, allowing attackers to bypass authentication and access password-protected pages. Recommendations: For hexo-theme-matery version 2.0.0, as a temporary...
Download Manager < 3.2.83 - Unauthenticated Password Protected File Bypass
Description The plugin is vulnerable to information disclosure, allowing unauthenticated attackers to bypass password protected file restrictions...
Easy Custom Auto Excerpt < 2.5.0 - Sensitive Information Exposure
Description The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...
WP Meta SEO < 4.5.13 - Unauthenticated Password Protected Content Access
Description The plugin is vulnerable to Sensitive Information Exposure via the meta description, allowing unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts...
WordPress Combo Blocks plugin < 2.2.76 - Unauthenticated Password Protected Posts Access vulnerability
Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Post Grid and Gutenberg Blocks versions 2.2.76...
Element Pack Elementor Addons < 5.6.0 - Sensitive Information Exposure via element_pack_ajax_search
Description The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the elementpackajaxsearch function. This makes it possible for...
CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple...
CVE-2024-2966
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the elementpackajaxsearch function. This makes it possible for...
CVE-2023-6257
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...
CVE-2023-6257
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...
CVE-2023-6257 Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...
PT-2024-22952 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.5.6 Description: The issue allows unauthenticated attackers to extract sensitive data, including password-protected post details, via the element pack aja...
WordPress plugin Combo Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...