Lucene search
+L

53 matches found

OSV
OSV
added 2024/02/29 10:41 a.m.7 views

CVE-2024-1942

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...

4.3CVSS4.2AI score0.0036EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.12 views

Page Restrict <= 2.5.5 - Unauthenticated Protected Post Access

Description The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private, allowing unauthenticated attackers to view protected posts...

5.3CVSS6.5AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/18 8:8 p.m.26 views

CVE-2023-6077 Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protect...

6.7AI score0.00665EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/23 12:0 a.m.186 views

Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected Run the below...

6.5CVSS6.9AI score0.00665EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.163 views

Simple Social Buttons < 5.1.1 - Unauthenticated Password Protected Post Access

Description The plugin leaks password-protected post content to unauthenticated visitors in some meta tags As unauthenticated, view the source of any password-protected post and see that the content of the post is disclosed in the og:description and twitter:description meta tags...

5.3CVSS5.4AI score0.00575EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.19 views

PT-2023-25783 · WordPress · Activitypub

Name of the Vulnerable Software and Affected Versions: ActivityPub WordPress plugin versions prior to 1.0.0 Description: The issue allows any authenticated user to retrieve the content of arbitrary posts, including drafts and private posts, via an IDOR vector. This is because the plugin does not...

4.3CVSS5.1AI score0.00468EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2023/08/30 2:22 p.m.9 views

CVE-2023-4036 Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...

4.7AI score0.00453EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.9 views

PT-2023-27410 · WordPress · Simple Blog Card

Name of the Vulnerable Software and Affected Versions: Simple Blog Card WordPress plugin version 1.32 and earlier Description: The issue allows any authenticated user to retrieve arbitrary post titles and their content, including drafts, private posts, and password-protected ones, because the...

4.3CVSS4.6AI score0.00453EPSS
Exploits2References6
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.167 views

WordPress EventON Calendar 4.4 Insecure Direct Object Reference

Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-3219 1. Description The plugin does no...

5.3CVSS7.1AI score0.07398EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2023/05/02 7:4 a.m.15 views

CVE-2023-1911 Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...

4.4AI score0.0055EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/05/02 12:0 a.m.10 views

PT-2023-17333 · WordPress · Blocksy Companion

Name of the Vulnerable Software and Affected Versions: Blocksy Companion WordPress plugin versions prior to 1.8.82 Description: The issue allows any authenticated users, such as subscribers, to access draft posts via a shortcode, because it does not ensure that posts are already public and can be...

4.3CVSS5.2AI score0.0055EPSS
Exploits2References5
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.240 views

Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example Run the below command in the developer console of the web browser while being on the blog as a subscrib...

4.3CVSS9.2AI score0.0055EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.7 views

PT-2023-16974 · WordPress · Wp Tiles

Name of the Vulnerable Software and Affected Versions: WP Tiles WordPress plugin versions 1.1.2 and earlier Description: The issue allows any authenticated users, such as subscribers, to retrieve the titles of draft and private posts. An attacker could also retrieve the title of any other type of...

6.5CVSS6.2AI score0.00795EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2023/03/20 3:52 p.m.8 views

CVE-2023-0890 Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or...

6.3AI score0.00654EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/03/20 3:52 p.m.34 views

CVE-2023-0890 Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or...

6.4AI score0.00654EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.23 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...

6.5CVSS6.7AI score0.00654EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/02/27 12:0 a.m.156 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...

6.5CVSS6.9AI score0.00654EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.8 views

CVE-2022-3891 WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected...

6.8AI score0.00694EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/01/23 2:31 p.m.5 views

CVE-2021-24881 Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts such as private content, by sending a specifically crafted...

7.3AI score0.00818EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.27 views

CVE-2021-24881 Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts such as private content, by sending a specifically crafted...

7.8AI score0.00818EPSS
Exploits2References1
Rows per page
Query Builder