Lucene search
K

210 matches found

Cvelist
Cvelist
added 2024/04/10 4:30 a.m.40 views

CVE-2024-3235 Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure

The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the onfrontajaxaction function. This makes it possible for unauthenticated attackers to view private and password protected posts that m...

5.3CVSS5.5AI score0.00688EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.6 views

PT-2024-24526 · WordPress · Essential Grid Gallery

Name of the Vulnerable Software and Affected Versions: The Essential Grid Gallery WordPress Plugin versions up to, and including, 3.1.1 Description: The issue allows unauthenticated attackers to view private and password-protected posts that may contain sensitive information. This is possible due...

5.3CVSS6.8AI score0.00688EPSS
Exploits0References4
NVD
NVD
added 2024/04/09 7:15 p.m.10 views

CVE-2024-1984

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...

5.3CVSS5.2AI score0.00523EPSS
Exploits0References2
OSV
OSV
added 2024/04/09 7:15 p.m.6 views

AZL-43182 CVE-2024-1984 affecting package graphene 1.10.8-1

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...

5.3CVSS5.7AI score0.00523EPSS
Exploits0References1
OSV
OSV
added 2024/04/09 7:15 p.m.7 views

AZL-43177 CVE-2024-1984 affecting package graphene 1.10.4-3

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...

5.3CVSS5.7AI score0.00523EPSS
Exploits0References1
NVD
NVD
added 2024/04/09 7:15 p.m.14 views

CVE-2024-1641

The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with...

5.4CVSS5.2AI score0.00481EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/09 6:59 p.m.19 views

CVE-2024-1984 Graphene <= 2.9.2 - Missing Authorization

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...

5.3CVSS5.5AI score0.00523EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 6:58 p.m.21 views

CVE-2024-1641 Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication

The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with...

5.4CVSS5.4AI score0.00481EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.7 views

PT-2024-18472 · WordPress · Graphene

Name of the Vulnerable Software and Affected Versions: The Graphene theme for WordPress versions up to, and including, 2.9.2 Description: The issue allows unauthorized access to data via a meta tag, making it possible for unauthenticated individuals to obtain post contents of password-protected...

5.3CVSS9.4AI score0.00523EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.5 views

WordPress Theme Graphene 安全漏洞

WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Graphene 2.9.2 and earlier versions,...

5.3CVSS8.7AI score0.00523EPSS
Exploits0References3
OSV
OSV
added 2024/04/06 4:15 a.m.6 views

CVE-2024-2950

The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information og:description This makes it possible for unauthenticated attackers to view the first 130 characters of a password protecte...

5.3CVSS5.8AI score0.00508EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.9 views

PT-2024-22926 · Boldgrid · Boldgrid Easy Seo

Name of the Vulnerable Software and Affected Versions: The BoldGrid Easy SEO plugin for WordPress versions up to, and including, 1.6.14 Description: The issue allows unauthenticated attackers to view the first 130 characters of a password-protected post, which can contain sensitive information, v...

5.3CVSS9.5AI score0.00508EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/04/01 8:30 a.m.6 views

WordPress Hubbub Lite plugin < 1.33.1 - Unauthenticated Password Protected Posts Access vulnerability

Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Hubbub Lite versions 1.33.1...

5.3CVSS7AI score0.00516EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/04/01 5:15 a.m.5 views

CVE-2024-1526

The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag...

5.3CVSS5.8AI score0.00516EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.17 views

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts PoC When logged in as a subscriber, open the following URL and note that the...

6.5AI score0.00451EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.4 views

WordPress Plugin Smart Custom Fields Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

4.3CVSS6.4AI score0.0058EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/13 3:26 p.m.28 views

CVE-2024-0592 Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...

5.4CVSS5.4AI score0.00285EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.12 views

CVE-2024-0592 Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...

5.4CVSS6.6AI score0.00285EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.13 views

Accordion < 2.2.97 - Missing Authorization to Authenticated(Contributor+) Post Duplication

Description The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers,...

5.4CVSS6.5AI score0.00481EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.21 views

Related Posts for WordPress < 2.2.2 - Cross-Site Request Forgery

Description The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to...

5.4CVSS6.7AI score0.00285EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder