728 matches found
CVE-2024-3235 Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the onfrontajaxaction function. This makes it possible for unauthenticated attackers to view private and password protected posts that m...
PT-2024-24526 · WordPress · Essential Grid Gallery
Name of the Vulnerable Software and Affected Versions: The Essential Grid Gallery WordPress Plugin versions up to, and including, 3.1.1 Description: The issue allows unauthenticated attackers to view private and password-protected posts that may contain sensitive information. This is possible due...
CVE-2024-2093
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
CVE-2024-1984
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...
AZL-43177 CVE-2024-1984 affecting package graphene 1.10.4-3
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...
AZL-43182 CVE-2024-1984 affecting package graphene 1.10.8-1
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...
CVE-2024-1641
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with...
CVE-2024-2093
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
CVE-2024-1984 Graphene <= 2.9.2 - Missing Authorization
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...
CVE-2024-1641 Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with...
WordPress Theme Graphene 安全漏洞
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Graphene 2.9.2 and earlier versions,...
PT-2024-18189 · WordPress · Accordion
Name of the Vulnerable Software and Affected Versions: Accordion plugin for WordPress versions up to and including 2.2.96 Description: The issue allows authenticated attackers with contributor access and above to access and modify data due to a missing capability check on the accordions duplicate...
PT-2024-18472 · WordPress · Graphene
Name of the Vulnerable Software and Affected Versions: The Graphene theme for WordPress versions up to, and including, 2.9.2 Description: The issue allows unauthorized access to data via a meta tag, making it possible for unauthenticated individuals to obtain post contents of password-protected...
CVE-2024-2950
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information og:description This makes it possible for unauthenticated attackers to view the first 130 characters of a password protecte...
CVE-2024-2950 BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14 - Information Exposure
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information og:description This makes it possible for unauthenticated attackers to view the first 130 characters of a password protecte...
PT-2024-22926 · Boldgrid · Boldgrid Easy Seo
Name of the Vulnerable Software and Affected Versions: The BoldGrid Easy SEO plugin for WordPress versions up to, and including, 1.6.14 Description: The issue allows unauthenticated attackers to view the first 130 characters of a password-protected post, which can contain sensitive information, v...
WordPress Hubbub Lite plugin < 1.33.1 - Unauthenticated Password Protected Posts Access vulnerability
Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Hubbub Lite versions 1.33.1...
CVE-2024-1526
The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag...
CVE-2024-1526 Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag...
VK All in One Expansion Unit < 9.96.0.0 - Unauthenticated Password Protected Content Access
Description The plugin is vulnerable to Sensitive Information Exposure via social meta tags, allowing unauthenticated attackers to view limited password protected content...