6276 matches found
CVE-2024-54427 WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in ljmacphee Category of Posts list-one-category-of-posts allows Stored XSS.This issue affects Category of Posts: from n/a through = 1.0...
WordPress TPG Get Posts plugin <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin TPG Get Posts versions = 3.6.5...
PT-2024-36316 · Unknown · Linda Macphee-Cobb Category Of Posts
Name of the Vulnerable Software and Affected Versions: Linda MacPhee-Cobb Category of Posts versions n/a through 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on...
PT-2024-36301 · Unknown · Display Future Posts
Name of the Vulnerable Software and Affected Versions: Display Future Posts versions n/a through 0.2.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
WordPress plugin Display Future Posts 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the...
WordPress plugin TPG Get Posts 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-10690
The CVE-2024-10690 entry corresponds to the WordPress plugin Shortcodes for Elementor (versions up to 1.0.4). The issue is an Information Exposure flaw in the SHORTCODE_ELEMENTOR endpoint caused by insufficient access restrictions, enabling authenticated attackers with Contributor-level access or...
CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure
The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure
The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
PT-2024-17596 · WordPress · Get Post Content Shortcode
Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4 Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...
PT-2024-16466 · WordPress +1 · Shortcodes For Elementor +1
Name of the Vulnerable Software and Affected Versions: Shortcodes for Elementor plugin for WordPress versions up to, and including, 1.0.4 RSTheme affected versions not specified Description: The issue is related to Information Exposure, where insufficient restrictions on which posts can be includ...
CVE-2024-54311
Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through = 7.5.1...
CVE-2023-41849
Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0...
CVE-2024-54311 WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through = 7.5.1...
CVE-2024-54311
CVE-2024-54311 is a Missing Authorization vulnerability in the WordPress plugin Mark New Posts . The issue allows exploitation of access control to modify settings via the plugin’s save_options flow, affecting versions up to and including 7.5.1 . The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I...
CVE-2023-41849
The CVE-2023-41849 entry concerns the WordPress Posts Like Dislike plugin (
CVE-2024-9290
creationtimestamp| type| source ---|---|--- 2024-12-13 09:30:14+00:00| seen| https://infosec.exchange/users/cve/statuses/113644811971420753 2024-12-13 12:25:39+00:00| seen| https://t.me/cvedetector/12853 2024-12-24 19:28:07+00:00| seen|...
CVE-2024-12309
CVE-2024-12309 affects Rate My Post – Star Rating Plugin for WordPress (FeedbackWP). The vulnerability is an Insecure Direct Object Reference in get_post_status() due to missing validation on a user-controlled key, allowing unauthenticated voters to affect unpublished posts. The CVE entry notes v...
CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the getpoststatus due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the getpoststatus due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...