Information disclosure

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...

CVE-2022-46484

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...

WordPress Password Protected Plugin <= 2.6.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Password Protected Type Plugin Vulnerable versions = 2.6.3.1 Fixed in 2.6.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 30c25e36e106 Credits Rafie Muhammad Patchstack...

WordPress The best plugin for restrict content, support all Custom Post Types and Elementor – Password Protected Plugin <= 1.0.16 is vulnerable to Cross Site Scripting (XSS)

Software The best plugin for restrict content, support all Custom Post Types and Elementor – Password Protected Type Plugin Vulnerable versions = 1.0.16 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7....

Authorization

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

CVE-2023-2796 EventON < 2.1.2 - Unauthenticated Event Access

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

CVE-2023-3371

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

CVE-2023-3371

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view...

Hardcoded credentials

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

WordPress Password Protected Plugin < 2.6.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpexperts:passwordprotected"; if description...

WordPress plugin EmbedPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-32580

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPExperts Password Protected plugin = 2.6.2 versions...

CVE-2023-32580

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPExperts Password Protected plugin = 2.6.2 versions...

CVE-2023-32580 WordPress Password Protected Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPExperts Password Protected plugin = 2.6.2 versions...

CVE-2023-32580 WordPress Password Protected Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPExperts Password Protected plugin = 2.6.2 versions...

CVE-2023-32580

CVE-2023-32580 affects the WordPress plugin “Password Protected” (WPExperts) ≤ 2.6.2. The issue is an authenticated (admin+) Stored Cross‑Site Scripting (XSS) vulnerability, enabling script injection via the plugin’s handling of input when already logged in as an administrator. Multiple sources c...

WordPress Plugin Password Protected 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Password Protected Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Password Protected Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32580 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a80c60dc1bba Credits Mika Required...

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...

WordPress plugin Download Manager 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...