Lucene search
K

728 matches found

wpexploit
wpexploit
added 2024/03/21 12:0 a.m.141 views

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts When logged in as a subscriber, open the following URL and note that the conten...

6.8AI score0.00427EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.17 views

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts PoC When logged in as a subscriber, open the following URL and note that the...

6.5AI score0.00427EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.3 views

WordPress Plugin Smart Custom Fields Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

4.3CVSS6.4AI score0.0058EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/13 3:26 p.m.28 views

CVE-2024-0592 Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...

5.4CVSS5.4AI score0.00285EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.12 views

CVE-2024-0592 Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...

5.4CVSS6.6AI score0.00285EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.21 views

Related Posts for WordPress < 2.2.2 - Cross-Site Request Forgery

Description The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to...

5.4CVSS6.7AI score0.00285EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.13 views

Accordion < 2.2.97 - Missing Authorization to Authenticated(Contributor+) Post Duplication

Description The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers,...

5.4CVSS6.5AI score0.00481EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/03/12 11:15 p.m.2 views

CVE-2023-7072

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

7.5CVSS5.4AI score0.00618EPSS
Exploits0References4
Prion
Prion
added 2024/03/12 11:15 p.m.12 views

Default credentials

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

5CVSS7.2AI score0.00618EPSS
Exploits0References3
NVD
NVD
added 2024/03/12 10:15 p.m.34 views

CVE-2024-2107

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...

7.5CVSS5.5AI score0.00474EPSS
Exploits0References2
OSV
OSV
added 2024/03/12 10:15 p.m.9 views

CVE-2024-2107

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...

7.5CVSS5.8AI score0.00474EPSS
Exploits0References2
Prion
Prion
added 2024/03/12 10:15 p.m.22 views

Design/Logic Flaw

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...

5CVSS7AI score0.00474EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/12 9:34 p.m.27 views

CVE-2024-2107 Blossom Spa <= 1.3.3 - Sensitive Information Exposure

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...

5.8CVSS5.7AI score0.00474EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/03/12 12:0 a.m.13 views

Blossom Spa < 1.3.5 - Sensitive Information Exposure

Description The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled...

7.5CVSS6.7AI score0.00474EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.6 views

WordPress Plugin Blossom Spa Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.5CVSS6.5AI score0.00474EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:10 a.m.20 views

BIT-WORDPRESS-MULTISITE-2021-29450 WordPress Authenticated disclosure of password-protected posts and pages

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...

6.5CVSS5.3AI score0.02331EPSS
Exploits1References5
OSV
OSV
added 2024/03/05 2:15 a.m.4 views

CVE-2024-1769

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...

5.3CVSS5.8AI score0.00611EPSS
Exploits0References2
OSV
OSV
added 2024/03/05 2:15 a.m.5 views

CVE-2024-1088

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content...

5.3CVSS5.8AI score0.00577EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.18 views

Design/Logic Flaw

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...

5CVSS5.3AI score0.00611EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.23 views

Information disclosure

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content...

5CVSS5.2AI score0.00577EPSS
Exploits0References2
Rows per page
Query Builder