6249 matches found
Elementor Addon Elements < 1.12.8 - Unauthenticated Post ID/Title Disclosure
Description: The plugin does not have authorisation in its ajaxeaepostdata function, allowing unauthenticated users to retrieve arbitrary posts/pages (such as draft, private, etc.) IDs and titles...
ImageMapper <= 1.2.6 - Subscriber+ Arbitrary Post Deletion
Description: The plugin does not have authorisation in its imgmapdeleteareaajax AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary posts and pages...
CVE-2019-2535
creationtimestamp | type | source
---|---|---
2023-11-15 16:53:03+00:00 | published-proof-of-concept | https://t.me/BABATATASASA/5977
2023-11-15 17:01:59+00:00 | published-proof-of-concept | https://t.me/BABATATASASA/5994...
CVE-2023-43979
ETS Soft ybcblog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component YbcblogBlogModuleFrontController::getPosts...
WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control
Software: Delete Duplicate Posts; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47754; Patch priority: Low; CVSS severity: Low (4.3); Developer: CleverPlugins.com; PSID: e78902a6f1d5; Credits: Huynh Tien Si; Required...
CVE-2023-47120 Discourse DoS through Onebox favicon URL
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse versions 3.1.0 through 3.1.2, which originates from potentially exhausting Redis memory by creating a website with an unusually...
PT-2023-30324 · Discourse +1 · Discourse +1
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0 through 3.1.2; Discourse versions 3.1.0.beta6 through 3.2.0.beta2. Description: Discourse is an open source platform for community discussion. In the affected versions, Redis memory can be depleted by crafting a site wi...
CVE-2023-47238
Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions...
CVE-2023-47238
The CVE-2023-47238 entry concerns WebberZone Top 10 – WordPress Popular posts by WebberZone plugin. A CSRF vulnerability affects versions
WordPress Templately - Gutenberg & Elementor Template Library Plugin < 2.2.6 Missing Authorization Vulnerability
The WordPress plugin ... CPE = "cpe:/a:templately:templately"; ...
CVE-2022-44738
Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3...
Input validation
Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3...
CVE-2022-44738 WordPress Posts and Users Stats plugin 1.1.3 - CSV Injection vulnerability
A vulnerability in Patrick Robrecht Posts and Users Stats posts-and-users-stats. This issue affects Posts and Users Stats: from n/a through = 1.1.3...
CVE-2022-44738
CVE-2022-44738 relates to the WordPress Posts and Users Stats plugin (
CVE-2023-5506
The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmapdeleteareaajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
wpDiscuz < 7.6.11 - Insufficient Authorization to Comment Submission on Deleted Posts
Description: The plugin is vulnerable to unauthorized modification of data due to insufficient validation on the comment functionality, making it possible for unauthenticated attackers to leave comments on trashed posts...
PT-2023-14543 · Unknown · Posts/Users Stats
Name of the Vulnerable Software and Affected Versions: Posts and Users Stats versions 1.1.3 and earlier. Description: The issue is related to the improper neutralization of formula elements in a CSV file, which affects Posts and Users Stats. Recommendations: For versions 1.1.3 and earlier, update ...