939 matches found
CVE-2024-13688
The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing an attacker to bypass the protection offered via a crafted request...
CVE-2024-13688 Admin and Site Enhancements (ASE) < 7.6.10 - Password Protection Bypass
The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing an attacker to bypass the protection offered via a crafted request...
CVE-2024-13688
CVE-2024-13688 relates to the Admin and Site Enhancements (ASE) WordPress plugin. The issue is a hardcoded password in the Password Protection feature, enabling bypass of protection through a crafted request. Affected versions are
CVE-2025-3453
CVE-2025-3453 affects the WordPress plugin “Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products …” (versions ≤ 2.7.7). Root cause: the password_protected_cookie function permits sensitive information exposure. Impact: unauthenticated attackers can extract prot...
CVE-2025-3453 Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure
The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7 via the 'password_protected_cookie'...
CVE-2025-0417
CVE-2025-0417 affects Valmet DNA Visualization in DNA Operate. The issue is a lack of protection against brute force attacks, permitting an arbitrary number of login attempts with no rate limit, increasing the chance of password guessing and subsequent switching operations. Reported impact per CV...
CVE-2023-46123
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...
CVE-2022-1553
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...
CVE-2024-0436
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is reduced by the additional overhead of the request, which varies in a...
CVE-2024-11768
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download...
CVE-2024-11768 Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download...
CVE-2024-5333
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...
CVE-2024-10671
CVE-2024-10671 affects the WordPress plugin Button Block (versions up to and including 1.1.4). The issue allows authenticated attackers with Contributor-level access and above to exfiltrate data from password‑protected, private, or draft posts via the btn_block shortcode due to insufficient post‑...
WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerability
CSRF to Arbitrary File Upload vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress plugin Exclusive Content Password Protect versions <= 1.1.0...
8 security tips for small businesses
Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to one person that doesn’t have the time to do everything that is recommended or ev...
CVE-2024-6979
Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...