728 matches found
Authentication Bypass
Lobe Chat is vulnerable to Authentication Bypass. The vulnerability is caused due to missing authentication checks within route.ts when the application is password-protected deployed with the ACCESSCODE option. This allows an attacker to access plugins without proper authorization...
CVE-2023-6447
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...
CVE-2023-6447 EventPrime < 3.3.6 - Unauthenticated Event Access
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...
VulnCheck KEV: CVE-2023-2796
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...
CVE-2023-5922
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...
CVE-2023-5922 Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...
EventPrime < 3.3.6 - Unauthenticated Event Access
Description The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. PoC 1. Create a password-protected event or a private event then publish it. 2. Access to the URL on a private...
EventPrime < 3.3.6 - Unauthenticated Event Access
Description The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. 1. Create a password-protected event or a private event then publish it. 2. Access to the URL on a private...
CVE-2023-6250
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...
CVE-2023-6250
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...
Design/Logic Flaw
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...
CVE-2023-6250 BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...
PT-2023-32576 · Bestwebsoft · Like & Share
Name of the Vulnerable Software and Affected Versions: BestWebSoft's Like & Share WordPress plugin versions prior to 2.74 Description: The issue allows unauthenticated users to access the content of password-protected posts via a meta tag. Recommendations: For versions prior to 2.74, update to...
CVE-2023-5949
The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content...
CVE-2023-6077
The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protect...
CVE-2023-6203
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...
Default credentials
The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content...
Cross site request forgery (csrf)
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...
CVE-2023-5949 SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure
The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content...
CVE-2023-6203 The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...