6276 matches found
PT-2024-36193 · Unknown · Mark New Posts
Name of the Vulnerable Software and Affected Versions: Mark New Posts versions n/a through 7.5.1 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/a through...
PT-2024-17538 · Feedbackwp · Rate My Post – Star Rating Plugin
Name of the Vulnerable Software and Affected Versions: Rate My Post – Star Rating Plugin by FeedbackWP versions up to, and including, 4.2.4 Description: The issue allows unauthenticated attackers to vote on unpublished scheduled posts due to missing validation on a user-controlled key in the get...
WordPress Rate My Post – WP Rating System plugin <= 4.2.4 - Unauthenticated Voting On Scheduled Posts vulnerability
Unauthenticated Voting On Scheduled Posts vulnerability discovered by HayMiz in WordPress Plugin Rate my Post versions <= 4.2.4...
WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Category of Posts versions <= 1.0...
WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability
CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Display Future Posts versions <= 0.2.3...
WordPress Visual Recent Posts plugin <= 1.2.3 - Reflected Cross Site Request Forgery (CSRF) vulnerability
Reflected Cross Site Request Forgery (CSRF) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Visual Recent Posts versions <= 1.2.3...
WordPress Posts Date Ranges plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Posts Date Ranges versions <= 2.2...
CVE-2024-11181
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wpreusablerender' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticate...
CVE-2024-11709
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aipostgeneratordeletePost AJAX action in all versions up to, and including, 3.5. This makes it possible for authenticated attackers, with...
WordPress plugin Greenshift security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin AI Post Generator | AutoWriter security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-44243
creationtimestamp | type | source
---|---|---
2024-12-11 23:14:05+00:00 | seen | https://infosec.exchange/users/cve/statuses/113636726892718971
2025-01-13 17:19:50+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113822190087719298
2025-01-13 21:09:32+00:00 | seen | ...
WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ngô Thái An Patchstack Alliance in WordPress Plugin Mark New Posts versions <= 7.5.1...
CVE-2024-12294 Last Viewed Posts by WPBeginner <= 1.0.1 - Unauthenticated Sensitive Information Exposure
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'getlegacycookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks ...
WordPress Last Viewed Posts by WPBeginner plugin <= 1.0.1 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Last Viewed Posts by WPBeginner versions <= 1.0.1...
PT-2024-16697 · WordPress · Members – Membership & User Role Editor Plugin
Name of the Vulnerable Software and Affected Versions: Members – Membership & User Role Editor Plugin versions up to, and including, 3.2.10 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as administrators, via th...
CVE-2024-49138
creationtimestamp | type | source
---|---|---
2024-12-10 17:33:56+00:00 | seen | https://www.thezdi.com/blog/2024/12/10/the-december-2024-security-update-review
2024-12-10 17:58:30+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113629823630772527
2024-12-10 19:22:31+00:00 | seen | ...
CVE-2024-49112
creationtimestamp | type | source
---|---|---
2024-12-10 17:33:56+00:00 | seen | https://www.thezdi.com/blog/2024/12/10/the-december-2024-security-update-review
2024-12-10 19:12:03+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/113630112880421336
2024-12-10 20:52:38+00:00 | seen | ...
CVE-2023-29237
Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Remove Duplicate Posts: from n/a through 1.3.5...
CVE-2023-29237
Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts remove-duplicate-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Remove Duplicate Posts: from n/a through <= 1.3.5...