CVE-2024-2093 VK All in One Expansion Unit <= 9.95.0.1 - Information Exposure
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
CVE-2024-2950
CVE-2024-2950 affects BoldGrid Easy SEO – Simple and Effective SEO for WordPress (
WordPress Passster – Password Protection Plugin <= 4.2.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Passster – Password Protection; Type: Plugin; Vulnerable versions: <= 4.2.6.4; Fixed in: 4.2.6.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2026; Patch priority: Low; CVSS severity: Low 6.5; Developer: Patrick Posner; PSID: e14038938ff1; Credits...
ROS-20240402-06
The vulnerability in the password protection mechanism of the Grub2 boot loader involves bypassing authentication by spoofing. Exploiting it could allow an attacker to bypass established access controls...
CVE-2024-1526
The vulnerability CVE-2024-1526 affects the Hubbub Lite WordPress plugin for versions prior to 1.33.1. The issue arises from the plugin not ensuring that a user has access to password-protected posts before displaying their content in a meta tag (og:description) when Open Graph meta tags are enab...
Updated grub2 packages fix security vulnerabilities
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a...
Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
Description: The plugin does not prevent password protected posts from being displayed in the results of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts. Open one of the URLs below as an unauthenticated user and note that password protected posts are disclosed in ...
Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
Description: The plugin does not prevent password protected posts from being displayed in the results of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts. PoC: Open one of the URLs below as an unauthenticated user and note that password protected posts are disclosed...
CVE-2024-1857
The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wpswgmpreviewemailtemplate. This makes it possible for...
Cross-Site Request Forgery (CSRF)
The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...
Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
Description: The plugin does not ensure that a user has access to a password protected post before displaying its content in a meta tag. When the "Disable Open Graph Meta Tags" setting of the plugin is disabled, view the source of a password protected post and note its content being disclosed in the...
Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
Description: The plugin does not ensure that a user has access to a password protected post before displaying its content in a meta tag. PoC: When the "Disable Open Graph Meta Tags" setting of the plugin is disabled, view the source of a password protected post and note its content being disclosed in...
BIT-WORDPRESS-2021-29450 WordPress Authenticated disclosure of password-protected posts and pages
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2024-1769
The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 14 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...
Medium: grub2
Issue Overview: The "/boot/efi/EFI/fedora/grub.cfg" configuration file allows an unprivileged user with physical access to a computer to bypass the GRUB password protection feature on many but not all UEFI-based systems. CVE-2023-4001 Affected Packages: grub2 Issue Correction: Run dnf update grub...
Facebook bug could have allowed attacker to take over accounts
A vulnerability in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything at all. The bug was found by a bounty hunter from Nepal called Samip Aryal and has now been fixed by Facebook. In his search for an account takeover...
CVE-2024-0436
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack, given the linear nature of the !== used for comparison. The risk is reduced by the additional overhead of the request, which varies in a...
Design/Logic Flaw
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack, given the linear nature of the !== used for comparison. The risk is reduced by the additional overhead of the request, which varies in a...
CVE-2024-0436
Technical details (affected product/version, root cause specifics, exploit scenarios, or remediation) are not publicly available in the provided Connected documents. Monitor for updates from NVD/Red Hat/OSV and other feeds to obtain concrete data.
CVE-2024-0436 Prevent timing attack for single-user password check
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack, given the linear nature of the !== used for comparison. The risk is reduced by the additional overhead of the request, which varies in a...