Lucene search
K

6276 matches found

NVD
NVD
added 2024/12/18 12:15 p.m.26 views

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

5.3CVSS0.00457EPSS
Exploits0References2
CVE
CVE
added 2024/12/18 7:2 a.m.44 views

CVE-2024-11295

CVE-2024-11295 affects the WordPress plugin Simple Page Access Restriction. All versions up to 1.0.29 are vulnerable to sensitive information exposure via the WordPress core search feature, allowing unauthenticated attackers to extract data from posts restricted to higher-level roles. Publicly av...

5.3CVSS5.3AI score0.00452EPSS
Exploits0References2
OSV
OSV
added 2024/12/18 4:15 a.m.4 views

CVE-2024-12061

The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...

4.3CVSS5.8AI score0.00367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.7 views

PT-2024-16890 · WordPress · Simple Page Access Restriction

Name of the Vulnerable Software and Affected Versions: Simple Page Access Restriction plugin for WordPress versions up to 1.0.29 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as logged-in users, via the WordPres...

5.3CVSS9.4AI score0.00452EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.6 views

PT-2024-16886 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.4 Description: The vulnerability allows unauthenticated attackers to extract sensitive...

5.3CVSS9.4AI score0.00457EPSS
Exploits0References8
Circl
Circl
added 2024/12/17 7:57 p.m.6 views

CVE-2024-49194

creationtimestamp| type| source ---|---|--- 2024-12-17 19:57:45+00:00| seen| https://infosec.exchange/users/cve/statuses/113669928710434373 2024-12-17 21:48:09+00:00| seen| https://t.me/cvedetector/13127 2024-12-20 06:25:11+00:00| seen| https://bsky.app/profile/dinosn.bsky.social/post/3ldpqun5z7c...

7.3CVSS6AI score0.00711EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/12/17 12:0 a.m.5 views

PT-2024-16889 · WordPress · Memberful

Name of the Vulnerable Software and Affected Versions: Memberful plugin for WordPress versions up to, and including, 1.73.9 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as site members, via the WordPress core...

5.3CVSS9.6AI score0.00452EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/12/17 12:0 a.m.7 views

PT-2024-16881 · WordPress · Ppwp – Password Protect Pages

Name of the Vulnerable Software and Affected Versions: PPWP – Password Protect Pages plugin for WordPress versions up to, and including, 1.9.5 Description: The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure via the WordPress core search feature...

5.3CVSS9.6AI score0.00402EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/12/16 11:24 p.m.17 views

CVE-2024-11906 TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpggetposts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0033EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/16 11:24 p.m.9 views

CVE-2024-11906 TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpggetposts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.0033EPSS
Exploits0References3
CVE
CVE
added 2024/12/16 11:24 p.m.43 views

CVE-2024-11906

CVE-2024-11906 affects the WordPress plugin “TPG Get Posts.” It enables Stored Cross-Site Scripting via the plugin’s tpg_get_posts shortcode in all versions up to 3.6.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at least contribut...

6.4CVSS5.7AI score0.0033EPSS
Exploits0References3
NVD
NVD
added 2024/12/16 3:15 p.m.7 views

CVE-2024-54427

Cross-Site Request Forgery CSRF vulnerability in ljmacphee Category of Posts list-one-category-of-posts allows Stored XSS.This issue affects Category of Posts: from n/a through = 1.0...

7.1CVSS0.00202EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 3:15 p.m.9 views

CVE-2024-54413

Cross-Site Request Forgery CSRF vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through = 0.2.3...

7.1CVSS0.00202EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 3:15 p.m.16 views

CVE-2024-54403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in oktoberfive Visual Recent Posts visual-recent-posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through = 1.2.3...

7.1CVSS0.00387EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 3:15 p.m.9 views

CVE-2024-54387

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through = 2.2...

7.1CVSS0.00387EPSS
Exploits0References1
CVE
CVE
added 2024/12/16 2:31 p.m.41 views

CVE-2024-54387

CVE-2024-54387: Reflected XSS in Posts Date Ranges (WordPress plugin). Affected: Posts Date Ranges (up to 2.2 per description). Root cause: Improper neutralization of input during web page generation. Impact: Cross-site scripting with potential exposure of client data and session context; CVSS v3...

7.1CVSS7.2AI score0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/16 2:31 p.m.22 views

CVE-2024-54387 WordPress Posts Date Ranges plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through = 2.2...

7.1CVSS0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/16 2:13 p.m.27 views

CVE-2024-54413 WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through = 0.2.3...

7.1CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/16 2:13 p.m.9 views

CVE-2024-54413 WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3...

7.1CVSS6.8AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/16 2:13 p.m.8 views

CVE-2024-54427 WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0...

7.1CVSS6.8AI score0.00202EPSS
Exploits0References1
Rows per page
Query Builder