728 matches found
PT-2023-17387 · WordPress · Web Stories For Wordpress
Name of the Vulnerable Software and Affected Versions: Web Stories for WordPress versions prior to 1.32 Description: The Web Stories for WordPress plugin has a vulnerability that allows users with the "Author" role to bypass permission checks and access password-protected content. Normally, users...
CVE-2023-1809
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files...
CVE-2023-1809 Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files...
WordPress plugin Download Manager 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
CVE-2023-1371
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them...
CVE-2023-1371 W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them...
PT-2023-16937 · WordPress · W4 Post List
Name of the Vulnerable Software and Affected Versions: W4 Post List WordPress plugin versions prior to 2.4.6 Description: The issue arises because the plugin does not properly check access to password-protected posts before displaying their content. This could allow any authenticated users to...
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...
Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte,...
WordPress Wp Edit Password Protected – Create Member/User Only Page & Design Password Protected Form Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wp Edit Password Protected – Create Member/User Only Page & Design Password Protected Form Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low...
PT-2023-16593 · WordPress · Shortcodes Ultimate
Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate WordPress plugin versions prior to 5.12.8 Description: The issue allows any authenticated users, such as subscribers, to view draft, private, or even password-protected posts. It is also possible to leak the password of...
WordPress Plugin Shortcodes Ultimate 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...
CVE-2023-0772
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...
Buffer overflow
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...
Buffer overflow
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...
PT-2023-16518 · Optinmonster · The Popup Builder By Optinmonster
Name of the Vulnerable Software and Affected Versions: The Popup Builder by OptinMonster WordPress plugin versions prior to 2.12.2 Description: The issue allows any authenticated users, such as subscribers, to retrieve the content of arbitrary posts, including drafts, private, or password-protect...
CVE-2023-1263 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmpgetpostdetail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even wh...
SUSE CVE-2015-7696
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value...
SUSE CVE-2018-1000035
A heap-based buffer overflow exists in Info-Zip UnZip version = 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution...