CVE-2026-6728

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

CVE-2026-6728 Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

CVE-2026-6728

The CVE concerns the WordPress Slider Revolution plugin (up to version 7.0.9). Affected component: get_stream_data() in sliders/stream, enabling unauthenticated attackers to exfiltrate sensitive content, including published password-protected posts, pages, and products. Root cause: Sensitive Info...

EUVD-2026-31089

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

CVE-2026-6728

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

PT-2026-42137

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get stream data' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page,...

EUVD-2023-58502

Malicious code in bioql PyPI...

EUVD-2024-48952

Malicious code in bioql PyPI...

CVE-2025-5998

The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API...

CVE-2024-1995

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...

CVE-2024-2093

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...

CVE-2024-2093

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...

VK All in One Expansion Unit < 9.96.0.0 - Unauthenticated Password Protected Content Access

Description The plugin is vulnerable to Sensitive Information Exposure via social meta tags, allowing unauthenticated attackers to view limited password protected content...

CVE-2024-1769

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...

PT-2024-18290 · WordPress · Jm Twitter Cards

Name of the Vulnerable Software and Affected Versions: JM Twitter Cards plugin for WordPress versions up to, and including, 12 Description: The issue allows unauthenticated attackers to view password protected post content when viewing the page source, due to Information Exposure via the meta...

CVE-2023-4036

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...

CVE-2023-3371

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

CVE-2023-3371

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view...

Hardcoded credentials

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

CVE-2023-1263 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmpgetpostdetail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even wh...