WordPress WP Show Posts Plugin <= 1.1.4 is vulnerable to Sensitive Data Exposure

Software WP Show Posts Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1479 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 82cf115492e1 Credits Webbernaut Required privileg...

Mattermost race condition

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts...

GHSA-R4FM-G65H-CR54 Mattermost incorrectly allows access individual posts

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...

GHSA-HWJF-4667-GQWX Mattermost allows attackers access to posts in channels they are not a member of

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...

CVE-2024-1952

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...

CVE-2024-1043

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppbremovesavedlayoutdata' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with...

CVE-2024-0616

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata includin...

Default credentials

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata includin...

Default credentials

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...

PT-2024-18446 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.8 Description: The issue allows an authenticated attacker who can control the update of an ephemeral post to access individual posts' contents in channels they are not a member of. This is due to a failur...

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from the inability to check if compliance export is enabled when fetching posts from a public channel, allowing users who are not members of...

WordPress plugin Yet Another Related Posts Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

CVE-2024-1476

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...

CVE-2024-1368

The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicatedatpage function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts and pages...

CVE-2024-0682

The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...

CVE-2024-0682

The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...

Information disclosure

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...

CVE-2024-0682 Page Restrict <= 2.5.5 - Protection Mechanism Bypass

The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...

CVE-2024-0680 WP Private Content Plus <= 3.6 - Protection Mechanism Bypass

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...

PT-2024-15744 · WordPress · Wp Private Content Plus

Name of the Vulnerable Software and Affected Versions: WP Private Content Plus plugin for WordPress versions up to, and including, 3.6 Description: The issue is related to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made...