Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6235 matches found

Cvelist
Cvelistadded 2023/03/20 3:52 p.m.28 views

CVE-2023-0890 Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or...

6.4AI score0.00654EPSS
Exploits2References1
Positive Technologies
Positive Technologiesadded 2023/03/20 12:0 a.m.6 views

PT-2023-16593 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate WordPress plugin versions prior to 5.12.8 Description: The issue allows any authenticated users, such as subscribers, to view draft, private, or even password-protected posts. It is also possible to leak the password of...

6.5CVSS6.7AI score0.00654EPSS
Exploits2References4
CNNVD
CNNVDadded 2023/03/20 12:0 a.m.5 views

WordPress Plugin Shortcodes Ultimate 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...

6.5CVSS7AI score0.00654EPSS
Exploits2References2
OSV
OSVadded 2023/03/13 5:15 p.m.3 views

CVE-2023-0772

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...

6.5CVSS7AI score0.00778EPSS
Exploits2References1
OSV
OSVadded 2023/03/13 5:15 p.m.6 views

CVE-2023-0749

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...

6.5CVSS7AI score0.00654EPSS
Exploits2References1
NVD
NVDadded 2023/03/13 5:15 p.m.12 views

CVE-2023-0772

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...

6.5CVSS6.5AI score0.00778EPSS
Exploits2References1
Prion
Prionadded 2023/03/13 5:15 p.m.16 views

Buffer overflow

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...

4CVSS6.5AI score0.00654EPSS
Exploits2References1Affected Software1
Prion
Prionadded 2023/03/13 5:15 p.m.18 views

Buffer overflow

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...

4CVSS6.5AI score0.00778EPSS
Exploits2References1Affected Software1
Cvelist
Cvelistadded 2023/03/13 4:3 p.m.26 views

CVE-2023-0749 Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...

6.6AI score0.00654EPSS
Exploits2References1
Vulnrichment
Vulnrichmentadded 2023/03/13 4:3 p.m.8 views

CVE-2023-0772 Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...

6.5AI score0.00778EPSS
Exploits2References1
Patchstack
Patchstackadded 2023/03/13 12:0 a.m.10 views

WordPress Auto Prune Posts Plugin <= 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Auto Prune Posts Type Plugin Vulnerable versions = 1.8.0 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27423 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 33db7e51421d Credits Mika Required...

8.8CVSS6.7AI score0.00265EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2023/03/13 12:0 a.m.5 views

PT-2023-16518 · Optinmonster · The Popup Builder By Optinmonster

Name of the Vulnerable Software and Affected Versions: The Popup Builder by OptinMonster WordPress plugin versions prior to 2.12.2 Description: The issue allows any authenticated users, such as subscribers, to retrieve the content of arbitrary posts, including drafts, private, or password-protect...

6.5CVSS8.7AI score0.00778EPSS
Exploits2References5
0day.today
0day.todayadded 2023/03/13 12:0 a.m.607 views

Shopify Cross Site Scripting Vulnerability

Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionali...

7.1AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2023/03/13 12:0 a.m.7 views

PT-2023-16500 · WordPress · Ocean Extra

Name of the Vulnerable Software and Affected Versions: Ocean Extra WordPress plugin versions prior to 2.1.3 Description: The issue allows any authenticated users, such as subscribers, to retrieve the content of arbitrary posts, including drafts, private, or password-protected ones, by not ensurin...

6.5CVSS9.5AI score0.00654EPSS
Exploits2References5
Packet Storm
Packet Stormadded 2023/03/13 12:0 a.m.264 views

Shopify Cross Site Scripting

Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionali...

Exploits0
ATTACKERKB
ATTACKERKBadded 2023/03/10 8:15 p.m.2 views

CVE-2023-1345

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queueposts function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS6.6AI score0.00307EPSS
Exploits0References3
OSV
OSVadded 2023/03/10 8:15 p.m.7 views

CVE-2023-1345

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queueposts function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS7.2AI score0.00307EPSS
Exploits0References2
OSV
OSVadded 2023/03/10 8:15 p.m.5 views

CVE-2023-1334

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queueposts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS7.3AI score0.00548EPSS
Exploits0References2
CNNVD
CNNVDadded 2023/03/10 12:0 a.m.6 views

WordPress plugin RapidLoad Power-Up for Autoptimize 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the...

4.3CVSS6.2AI score0.00307EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2023/03/10 12:0 a.m.5 views

PT-2023-16903 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized cache modification due to a missing capability check on the queue posts function. This allows...

4.3CVSS5.2AI score0.00548EPSS
Exploits0References7
Rows per page
Query Builder