CVE-2023-4686
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
PT-2024-15691 · WordPress · The Content Control – The Ultimate Content Restriction Plugin
Name of the Vulnerable Software and Affected Versions: The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress versions up to, and including, 2.1.0
Description: The plugin is vulnerable to Sensitive Information Exposur...
BIT-WORDPRESS-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs...
BIT-WORDPRESS-MULTISITE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs...
CVE-2024-0620
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...
PT-2024-15692 · WordPress · The Passster
Name of the Vulnerable Software and Affected Versions: The Passster – Password Protect Pages and Content plugin for WordPress versions up to, and including, 4.2.6.2
Description: The issue allows unauthenticated attackers to obtain sensitive information, including post titles, slugs, IDs, content,...
CVE-2023-4686 WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
CVE-2023-4645
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the aiajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs including those of protected posts along with their...
CVE-2023-2495
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...
WordPress 4.8.x < 4.8.18 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A stored Cross-Site Scripting (XSS) vulnerability through post slugs.
- An object injection vulnerability in some multisite installations.
- A SQL injection vulnerability in...
WordPress 4.2.x < 4.2.31 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A stored Cross-Site Scripting (XSS) vulnerability through post slugs.
- An object injection vulnerability in some multisite installations.
- A SQL injection vulnerability in...
WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
Description: Low-privileged authenticated users, such as authors, in WordPress core are able to execute JavaScript/perform a stored XSS attack via post slugs, which can affect high-privileged users...
Cross-Site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via post slugs...
CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs...
DEBIAN-CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs...
UBUNTU-CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs...
CVE-2020-28038
CVE-2020-28038 affects WordPress prior to 5.5.2, where stored XSS via post slugs is possible. The connected Nessus/Fedora entries confirm WordPress 5.5.2/5.5.3 maintenance releases addressing CVE-2020-28038 and related fixes, with WordPress 5.5.2 patching the stored XSS in post slugs. The vulnera...