CVE-2021-24661
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID...
WordPress PageLayer plugin <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification vulnerability
Cross-Site Request Forgery (CSRF) To Post Contents Modification vulnerability discovered by Brian Sans-Souci (liardom) in WordPress Plugin PageLayer versions <= 1.9.8...
BIT-MASTODON-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-37903
CVE-2024-37903 (Mastodon) affects Mastodon self-hosted/federated platform. The issue allows an attacker to extend the audience of a post they do not own to other Mastodon users on a target server, potentially gaining access to the post contents. This occurs in affected versions from 2.6.0 up to 4...
Improper Access Control
Mattermost is vulnerable to Improper Access Control. The vulnerability is due to a failure to enforce proper access controls, allowing users to view arbitrary post contents via the /playbook slash command...
CVE-2024-36241
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls, which allows users to view arbitrary post contents via the /playbook add slash command...
CVE-2024-36241
Mattermost Server vulnerable versions: 8.1.x up to 8.1.12; 9.5.x up to 9.5.3; 9.6.x up to 9.6.1. Issue: improper access controls allow viewing arbitrary post contents via the /playbook add slash command. Root cause: failure to enforce access restrictions. Impact: exposure of post content to unaut...
AZL-43182 CVE-2024-1984 affecting package graphene 1.10.8-1
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...
PT-2024-15903 · WordPress · S2Member
Name of the Vulnerable Software and Affected Versions: s2Member plugin for WordPress versions prior to 230816 Description: The issue allows unauthenticated attackers to expose information via the API, making it possible to see the contents of posts and pages. Recommendations: For versions prior t...
CVE-2024-0906
CVE-2024-0906 concerns the WordPress plugin “f(x) Private Site.” The vulnerability allows unauthenticated attackers to access page and post contents protected by the plugin via the plugin’s API. Affected are all versions up to and including 1.2.1. The included Red Hat advisory corroborates the sa...
Sensitive Information Disclosure
Mattermost server is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the server failing to sanitize data associated with permalinks when a plugin updates an ephemeral post. This allows an authenticated attacker who can control the ephemeral post update to access...
Race condition
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts...
CVE-2021-24633
The CVE concerns the Countdown Block WordPress plugin (versions before 1.1.2). The issue is missing authorization in the eb_write_block_css AJAX action, enabling any authenticated user (e.g., Subscriber) to modify post contents displayed to users, impacting integrity of content. The root cause is...
CVE-2021-24633 Countdown Block < 1.1.2 - Missing Authorisation in AJAX action
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...