6264 matches found

NVD
added 2024/05/23 7:15 a.m. · 21 views

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3
CVE
added 2024/05/23 6:46 a.m. · 114 views

CVE-2024-2038

CVE-2024-2038 affects the Visual Website Collaboration, Feedback & Project Management – Atarim WordPress plugin. The vulnerability arises from hardcoded credentials used to authenticate all incoming API requests, enabling unauthorized access. Exploitation allows unauthenticated attackers to modif...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3
Cvelist
added 2024/05/23 6:46 a.m. · 21 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3
Vulnrichment
added 2024/05/23 6:46 a.m. · 13 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.5 · EPSS 0.00494
Exploits 0 · References 3
CVE
added 2024/05/23 5:32 a.m. · 76 views

CVE-2024-3626

CVE-2024-3626: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin has a Missing Authorization flaw in get_template_content that allows authenticated users with subscriber access and above to read private and password‑protected po...

CVSS 4.3 · AI score 4.6 · EPSS 0.00369
Exploits 0 · References 4
Positive Technologies
added 2024/05/23 12:0 a.m. · 6 views

PT-2024-18654 · WordPress · Atarim

Name of the Vulnerable Software and Affected Versions: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress versions up to, and including, 3.22.6. Description: The issue is due to the use of hardcoded credentials to authenticate all incoming API requests...

CVSS 7.5 · AI score 6.9 · EPSS 0.00494
Exploits 0 · References 5
CNNVD
added 2024/05/23 12:0 a.m. · 4 views

WordPress plugin Email Subscribers by Icegram Express security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPress plugin Email...

CVSS 4.3 · AI score 6.6 · EPSS 0.00369
Exploits 0 · References 5
Positive Technologies
added 2024/05/23 12:0 a.m. · 5 views

PT-2024-26937 · Icegram Express · Email Subscribers

Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.17. Description: The issue allows authenticated attackers with subscriber access and above to...

CVSS 4.3 · AI score 6.5 · EPSS 0.00369
Exploits 0 · References 6
CVE
added 2024/05/22 6:50 a.m. · 69 views

CVE-2024-1446

CVE-2024-1446 affects NextScripts: Social Networks Auto-Poster for WordPress. The vulnerability is a Cross-Site Request Forgery on the nxssnap-reposter page that allowed unauthenticated attackers to delete posts/pages via forged admin actions. It affects all versions up to and including 4.4.3. Co...

CVSS 5.4 · AI score 5.6 · EPSS 0.00181
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/05/22 6:50 a.m. · 13 views

CVE-2024-3663 WP Scraper <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation

The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpscrapermultiscrapeaction function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...

CVSS 4.3 · AI score 6.6 · EPSS 0.00343
Exploits 0 · References 3
Positive Technologies
added 2024/05/22 12:0 a.m. · 6 views

PT-2024-27103 · WordPress · Wp Scraper

Name of the Vulnerable Software and Affected Versions: WP Scraper plugin for WordPress versions up to, and including, 5.7. Description: The issue is related to unauthorized access due to a missing capability check on the wp scraper multi scrape action function. This allows authenticated attackers...

CVSS 4.3 · AI score 6.7 · EPSS 0.00343
Exploits 0 · References 4
CNNVD
added 2024/05/22 12:0 a.m. · 4 views

WordPress Plugin WP Scraper security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 · AI score 6.5 · EPSS 0.00343
Exploits 0 · References 3
OSV
added 2024/05/21 12:15 p.m. · 3 views

CVE-2024-3268

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emdformbuilderlitesubmitform function in all versions up to, and including, 3.3.6. This makes it...

CVSS 5.3 · AI score 5.9 · EPSS 0.00326
Exploits 0 · References 2
Circl
added 2024/05/17 10:46 a.m. · 5 views

CVE-2024-27130

creationtimestamp | type | source
---|---|---
2024-05-17 10:46:29+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/7326
2024-05-17 13:15:37+00:00 | published-proof-of-concept | https://t.me/proxybar/2084
2024-05-18 01:45:02+00:00 | published-proof-of-concept | https://t.me/DARKSPOTTEAM/431...

CVSS 8.8 · AI score 7.5 · EPSS 0.38054
Exploits 3 · References 14
CNNVD
added 2024/05/17 12:0 a.m. · 4 views

WordPress plugin YARPP path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 7.7 · AI score 8.7 · EPSS 0.00843
Exploits 0 · References 2
Vulnrichment
added 2024/05/16 8:31 p.m. · 11 views

CVE-2024-4204 Bulk Posts Editing For WordPress <= 4.2.3 - Cross-Site Request Forgery

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions. This makes it possible for unauthenticated attackers to create and...

CVSS 4.3 · AI score 6.4 · EPSS 0.00222
Exploits 0 · References 2
Patchstack
added 2024/05/16 8:30 a.m. · 6 views

WordPress Bulk Posts Editing For WordPress plugin <= 4.2.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Bulk Posts Editing For WordPress versions <= 4.2.3...

CVSS 4.3 · AI score 7 · EPSS 0.00222
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/05/16 12:0 a.m. · 11 views

WordPress Bulk Posts Editing For WordPress Plugin <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Bulk Posts Editing For WordPress; Type: Plugin; Vulnerable versions: <= 4.2.3; Fixed in: 4.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4204; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9475f46fc3bd; Credits...

CVSS 4.3 · AI score 6.6 · EPSS 0.00222
Exploits 0 · References 3 · Affected Software 1
WPVulnDB
added 2024/05/16 12:0 a.m. · 13 views

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description: The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.9 · AI score 5.9 · EPSS 0.00278
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/05/16 12:0 a.m. · 6 views

PT-2024-29706 · WordPress · Bulk Posts Editing For Wordpress

Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the plugin's AJAX actions. This allows...

CVSS 4.3 · AI score 6.7 · EPSS 0.00222
Exploits 0 · References 4