CVE-2024-31426
Technical details about CVE-2024-31426 are not provided in the supplied documents. The entry describes a CSRF in Data443 Inline Related Posts (up to 3.3.1) with no exploitation data or remediation details; monitor for updates.
CVE-2024-31426 WordPress Inline Related Posts plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Data443 Inline Related Posts. This issue affects Inline Related Posts: from n/a through 3.3.1...
WordPress Inline Related Posts plugin < 3.6.0 - Subscriber+ Password Protected Post Read vulnerability
Subscriber+ Password Protected Post Read vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Inline Related Posts versions 3.6.0...
CVE-2024-1204
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts...
CVE-2024-1204 Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 Compromise Checker A very simple bash script to...
PT-2024-24067 · Data443 · Data443 Inline Related Posts
Name of the Vulnerable Software and Affected Versions: Data443 Inline Related Posts versions 3.3.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
WordPress Plugin Meta Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Inline Related Posts Plugin < 3.6.0 is vulnerable to Broken Access Control
Software: Inline Related Posts; Type: Plugin; Vulnerable versions: 3.6.0; Fixed in: 3.6.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6257; Patch priority: Low; CVSS severity: Low 4.3; PSID: c2f0b627f547; Credits: Krzysztof Zając CERT PL...
WordPress Related Posts for WordPress Plugin <= 4.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Related Posts for WordPress; Type: Plugin; Vulnerable versions: = 4.0.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32549; Patch priority: Low; CVSS severity: Low 7.1; PSID: cc6d55801af6; Credits: Dimas...
CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2023-6257
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as a subscriber, to retrieve the content of password protected posts...
CVE-2023-6257 Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as a subscriber, to retrieve the content of password protected posts...
PT-2024-22952 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.5.6 Description: The issue allows unauthenticated attackers to extract sensitive data, including password-protected post details, via the element pack aja...
Post Type Builder < 2.1.4 - Subscriber+ Arbitrary Post/Page Creation
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on a function. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts...