PT-2024-22980 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress versions up to, and including, 5.9.13 Description: The issue allows unauthenticated attackers to extract sensitive data,...

WordPress Theme Newsmatic 安全漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Newsmatic 1.3.0 and earlier versions, which stems...

WordPress Inline Related Posts plugin < 3.5.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Inline Related Posts versions 3.5.0...

CVE-2024-2444

The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-2950

The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information og:description This makes it possible for unauthenticated attackers to view the first 130 characters of a password protecte...

UBUNTU-CVE-2023-5692

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirectguess404permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publiclyqueryable' post status has been set to 'false'...

PT-2024-22926 · Boldgrid · Boldgrid Easy Seo

Name of the Vulnerable Software and Affected Versions: The BoldGrid Easy SEO plugin for WordPress versions up to, and including, 1.6.14 Description: The issue allows unauthenticated attackers to view the first 130 characters of a password-protected post, which can contain sensitive information, v...

CVE-2024-1418

The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

CVE-2024-1418

The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

CVE-2024-1418 CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

CVE-2024-1418

CVE-2024-1418 affects the CGC Maintenance Mode plugin for WordPress. According to connected sources, versions up to and including 1.2 are vulnerable to sensitive information exposure via the REST API, allowing unauthenticated attackers to view protected posts while maintenance mode is enabled. Th...

PT-2024-18028 · WordPress · Cgc Maintenance Mode

Name of the Vulnerable Software and Affected Versions: CGC Maintenance Mode plugin for WordPress versions up to, and including, 1.2 Description: The issue allows unauthenticated attackers to view protected posts via the REST API, even when maintenance mode is enabled. This is possible due to...

CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

Description The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

PT-2024-21966 · Unknown · Genesis Blocks

Name of the Vulnerable Software and Affected Versions: Genesis Blocks versions prior to 3.1.3 Description: The issue allows attackers to conduct Stored XSS attacks by exploiting improperly escaped data input in some of the plugin's blocks, potentially enabling them to create admin accounts via...

CVE-2024-1732

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

CVE-2024-1732

CVE-2024-1732 : The Sharkdropship Dropshipping & Affiliate for AliExpress WordPress plugin is vulnerable to unauthenticated data loss via a missing capability check in wads_removeProductFromShop(), affecting all versions up to 2.2.4. Impact is unauthorized deletion of posts; CVSS indicates networ...

CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

WordPress Hubbub Lite plugin < 1.33.1 - Unauthenticated Password Protected Posts Access vulnerability

Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Hubbub Lite versions 1.33.1...

CVE-2024-1526

The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag...