Lucene search
+L

27 matches found

Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.12 views

PT-2024-18083 · WordPress · Wp Show Posts

Name of the Vulnerable Software and Affected Versions: WP Show Posts plugin for WordPress versions up to, and including, 1.1.4 Description: The issue allows authenticated attackers with contributor access and above to view the contents of draft, trash, future, private, and pending posts and pages...

5.3CVSS9.4AI score0.00653EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.9 views

PT-2024-15006 · WordPress · The Events Calendar

Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions up to, and including, 6.2.8.2 Description: The issue allows unauthenticated attackers to extract potentially sensitive data, including post titles and IDs of pending, private, and draft posts,...

5.3CVSS9.7AI score0.00562EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

The Events Calendar < 6.2.9 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wpajaxnoprivtribedropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and I...

5.3CVSS6.4AI score0.00562EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/01/05 8:15 p.m.27 views

CVE-2023-22454

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

8CVSS7.4AI score0.00569EPSS
Exploits0References2
Prion
Prion
added 2023/01/05 8:15 p.m.11 views

Cross site scripting

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

5.8CVSS5.9AI score0.00569EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/08/15 11:21 a.m.5 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3CVSS5.8AI score0.01464EPSS
Exploits2References1
Prion
Prion
added 2022/08/15 11:21 a.m.21 views

Code injection

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5CVSS5.2AI score0.01464EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder