728 matches found

Veracode
added 2024/02/01 9:20 a.m., 16 views

Authentication Bypass

Lobe Chat is vulnerable to Authentication Bypass. The vulnerability is caused by missing authentication checks within route.ts when the application is deployed password-protected with the ACCESSCODE option. This allows an attacker to access plugins without proper authorization...

5.3 CVSS, 7 AI score, 0.00482 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2024/01/22 8:15 p.m., 5 views

CVE-2023-6447

The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...

5.3 CVSS, 5.8 AI score, 0.00564 EPSS
Exploits: 2, References: 1
Cvelist
added 2024/01/22 7:14 p.m., 25 views

CVE-2023-6447 EventPrime < 3.3.6 - Unauthenticated Event Access

The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...

5.9 AI score, 0.00564 EPSS
Exploits: 2, References: 1
VulnCheck KEV
added 2024/01/22 12:0 a.m., 3 views

VulnCheck KEV: CVE-2023-2796

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

5.3 CVSS, 6.8 AI score, 0.37468 EPSS
Exploits: 5, References: 1
OSV
added 2024/01/16 4:15 p.m., 4 views

CVE-2023-5922

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin, have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...

7.5 CVSS, 5.9 AI score, 0.0071 EPSS
Exploits: 2, References: 1
Vulnrichment
added 2024/01/16 3:57 p.m., 6 views

CVE-2023-5922 Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin, have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...

7.6 AI score, 0.0071 EPSS
Exploits: 2, References: 1
WPVulnDB
added 2023/12/29 12:0 a.m., 18 views

EventPrime < 3.3.6 - Unauthenticated Event Access

Description The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. PoC 1. Create a password-protected event or a private event then publish it. 2. Access to the URL on a private...

5.3 CVSS, 6.9 AI score, 0.00564 EPSS
Exploits: 2, Affected Software: 1
wpexploit
added 2023/12/29 12:0 a.m., 178 views

EventPrime < 3.3.6 - Unauthenticated Event Access

Description The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. 1. Create a password-protected event or a private event then publish it. 2. Access to the URL on a private...

5.3 CVSS, 7.3 AI score, 0.00564 EPSS
Exploits: 2
OSV
added 2023/12/26 7:15 p.m., 4 views

CVE-2023-6250

The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...

7.5 CVSS, 5.8 AI score, 0.00456 EPSS
Exploits: 2, References: 1
NVD
added 2023/12/26 7:15 p.m., 21 views

CVE-2023-6250

The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...

7.5 CVSS, 0.00456 EPSS
Exploits: 2, References: 1
Prion
added 2023/12/26 7:15 p.m., 17 views

Design/Logic Flaw

The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...

5 CVSS, 7.2 AI score, 0.00456 EPSS
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2023/12/26 6:33 p.m., 22 views

CVE-2023-6250 BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read

The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...

7.8 AI score, 0.00456 EPSS
Exploits: 2, References: 1
Positive Technologies
added 2023/12/26 12:0 a.m., 7 views

PT-2023-32576 · Bestwebsoft · Like & Share

Name of the Vulnerable Software and Affected Versions: BestWebSoft's Like & Share WordPress plugin versions prior to 2.74 Description: The issue allows unauthenticated users to access the content of password-protected posts via a meta tag. Recommendations: For versions prior to 2.74, update to...

7.5 CVSS, 7.5 AI score, 0.00456 EPSS
Exploits: 2, References: 6
OSV
added 2023/12/18 8:15 p.m., 4 views

CVE-2023-5949

The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content...

7.5 CVSS, 5.8 AI score, 0.00756 EPSS
Exploits: 2, References: 1
OSV
added 2023/12/18 8:15 p.m., 5 views

CVE-2023-6077

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts such as private, draft and password protect...

6.5 CVSS, 5.9 AI score, 0.00665 EPSS
Exploits: 2, References: 1
OSV
added 2023/12/18 8:15 p.m., 3 views

CVE-2023-6203

The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
Prion
added 2023/12/18 8:15 p.m., 18 views

Default credentials

The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content...

5 CVSS, 7.1 AI score, 0.00756 EPSS
Exploits: 2, References: 1, Affected Software: 1
Prion
added 2023/12/18 8:15 p.m., 13 views

Cross site request forgery (csrf)

The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...

5 CVSS, 7.2 AI score, 0.00776 EPSS
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2023/12/18 8:8 p.m., 20 views

CVE-2023-5949 SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure

The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content...

7.7 AI score, 0.00756 EPSS
Exploits: 2, References: 1
Cvelist
added 2023/12/18 8:7 p.m., 29 views

CVE-2023-6203 The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read

The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...

7.7 AI score, 0.00776 EPSS
Exploits: 2, References: 1