CVE-2024-1984 Graphene <= 2.9.2 - Missing Authorization

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...

CVE-2024-1587 Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmaticfilterpostsloadtabcontent'. This makes it possible for unauthenticated attackers to view draft posts and post content...

CVE-2024-1465

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carouselskin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1464 Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-2974 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the loadmore function. This can allow unauthenticated attackers to extract sensitiv...

CVE-2024-2974

CVE-2024-2974 affects the WordPress plugin “Essential Addons for Elementor” (Lite) up to version 5.9.13, exposing sensitive information via the load_more function. Unauthenticated attackers may extract private and draft posts. Red Hat and NVD entries corroborate the same impact and version range....

CVE-2024-1466 Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderstyle’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1466 Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderstyle’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1641 Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication

The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with...

WordPress Theme Graphene 安全漏洞

WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Graphene 2.9.2 and earlier versions,...

PT-2024-18069 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the carousel skin attribute ...

WordPress Plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-18361 · WordPress · Autowriter

Name of the Vulnerable Software and Affected Versions: AutoWriter plugin for WordPress versions up to, and including, 3.3 Description: The issue allows authenticated attackers with subscriber access or higher to access, modify, or delete posts due to a missing capability check on functions hooked...

PT-2024-18070 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the slider style attribute o...

PT-2024-18151 · WordPress · Newsmatic

Name of the Vulnerable Software and Affected Versions: Newsmatic theme for WordPress versions up to, and including, 1.3.0 Description: The issue allows unauthenticated attackers to view draft posts and post content due to Sensitive Information Exposure. This is possible via the newsmatic filter...

WordPress Plugin Elementor Addons by Livemesh 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

PT-2024-18068 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to and including 8.3.4 Description: The issue arises from insufficient input sanitization and output escaping in the 'style' attribute of the Posts Slider widget, allowing...

WordPress Plugin AI Post Generator | AutoWriter 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-18472 · WordPress · Graphene

Name of the Vulnerable Software and Affected Versions: The Graphene theme for WordPress versions up to, and including, 2.9.2 Description: The issue allows unauthorized access to data via a meta tag, making it possible for unauthenticated individuals to obtain post contents of password-protected...