6276 matches found
CVE-2024-11291
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...
CVE-2024-11295
CVE-2024-11295 affects the WordPress plugin Simple Page Access Restriction. All versions up to 1.0.29 are vulnerable to sensitive information exposure via the WordPress core search feature, allowing unauthenticated attackers to extract data from posts restricted to higher-level roles. Publicly av...
CVE-2024-12061
The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
PT-2024-16890 · WordPress · Simple Page Access Restriction
Name of the Vulnerable Software and Affected Versions: Simple Page Access Restriction plugin for WordPress versions up to 1.0.29 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as logged-in users, via the WordPres...
PT-2024-16886 · WordPress · Paid Membership Subscriptions
Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.4 Description: The vulnerability allows unauthenticated attackers to extract sensitive...
CVE-2024-49194
creationtimestamp| type| source ---|---|--- 2024-12-17 19:57:45+00:00| seen| https://infosec.exchange/users/cve/statuses/113669928710434373 2024-12-17 21:48:09+00:00| seen| https://t.me/cvedetector/13127 2024-12-20 06:25:11+00:00| seen| https://bsky.app/profile/dinosn.bsky.social/post/3ldpqun5z7c...
PT-2024-16889 · WordPress · Memberful
Name of the Vulnerable Software and Affected Versions: Memberful plugin for WordPress versions up to, and including, 1.73.9 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as site members, via the WordPress core...
PT-2024-16881 · WordPress · Ppwp – Password Protect Pages
Name of the Vulnerable Software and Affected Versions: PPWP – Password Protect Pages plugin for WordPress versions up to, and including, 1.9.5 Description: The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure via the WordPress core search feature...
CVE-2024-11906 TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpggetposts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11906 TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpggetposts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11906
CVE-2024-11906 affects the WordPress plugin “TPG Get Posts.” It enables Stored Cross-Site Scripting via the plugin’s tpg_get_posts shortcode in all versions up to 3.6.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at least contribut...
CVE-2024-54427
Cross-Site Request Forgery CSRF vulnerability in ljmacphee Category of Posts list-one-category-of-posts allows Stored XSS.This issue affects Category of Posts: from n/a through = 1.0...
CVE-2024-54413
Cross-Site Request Forgery CSRF vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through = 0.2.3...
CVE-2024-54403
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in oktoberfive Visual Recent Posts visual-recent-posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through = 1.2.3...
CVE-2024-54387
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through = 2.2...
CVE-2024-54387
CVE-2024-54387: Reflected XSS in Posts Date Ranges (WordPress plugin). Affected: Posts Date Ranges (up to 2.2 per description). Root cause: Improper neutralization of input during web page generation. Impact: Cross-site scripting with potential exposure of client data and session context; CVSS v3...
CVE-2024-54387 WordPress Posts Date Ranges plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through = 2.2...
CVE-2024-54413 WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery CSRF vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through = 0.2.3...
CVE-2024-54413 WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery CSRF vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3...
CVE-2024-54427 WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0...