Design/Logic Flaw
The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...
CVE-2021-25011 WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings...
WordPress Widgets on Pages and Posts plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Widgets on Pages and Posts plugin (versions <= 1.4.0). Solution: No patched version available...
WordPress Delete Duplicate Posts plugin < 4.7.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Delete Duplicate Posts plugin (versions < 4.7.6). Solution: Update the WordPress Delete Duplicate Posts plugin to the latest available version (at least 4.7.6)...
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin < 2.1.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin (versions < 2.1.7). Solution: Update the WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin to the latest available...
WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin < 3.3.33 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin (versions < 3.3.33). Solution: Update the WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin to...
WordPress WordPress Editable Posts Table for the Frontend plugin < 2.4.15 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Editable Posts Table for the Frontend plugin (versions < 2.4.15). Solution: Update the WordPress WordPress Editable Posts Table for the Frontend plugin to the latest available version at least...
WordPress Content Slider for WP Posts (Section Slider) plugin <= 0.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Content Slider for WP Posts (Section Slider) plugin (versions <= 0.0.0). Solution: No patched version available...
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin < 2.1.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin (versions < 2.1.7). Solution: Update the WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin t...
WordPress WordPress Editable Posts Table for the Frontend plugin < 2.4.15 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Editable Posts Table for the Frontend plugin (versions < 2.4.15). Solution: Update the WordPress WordPress Editable Posts Table for the Frontend plugin to the latest available version (at least 2.4.15)...
WordPress Delete Duplicate Posts plugin < 4.7.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Delete Duplicate Posts plugin (versions < 4.7.6). Solution: Update the WordPress Delete Duplicate Posts plugin to the latest available version (at least 4.7.6)...
WordPress Delete old Posts automatically plugin <= 2.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Delete old Posts automatically plugin (versions <= 2.0.2). Solution: Update the WordPress Delete old Posts automatically plugin to the latest available version (at least 2.1.2)...
WordPress SV Posts plugin < 1.8.03 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SV Posts plugin (versions < 1.8.03). Solution: Update the WordPress SV Posts plugin to the latest available version (at least 1.8.03)...
WordPress Tabs with Recommended Posts (Widget) plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Tabs with Recommended Posts (Widget) plugin (versions <= 1.0.0). Solution: No patched version available...
WordPress Mass Pages/Posts Creator plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Mass Pages/Posts Creator plugin (versions <= 2.1.4). Solution: Update the WordPress Mass Pages/Posts Creator plugin to the latest available version (at least 2.1.5)...
WordPress WPTools Masonry Gallery & Posts For Divi plugin < 3.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WPTools Masonry Gallery & Posts For Divi plugin (versions < 3.1.2). Solution: Update the WordPress WPTools Masonry Gallery & Posts For Divi plugin to the latest available version (at least 3.1.2)...
WordPress WPTools Masonry Gallery & Posts For Divi plugin < 3.1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WPTools Masonry Gallery & Posts For Divi plugin (versions < 3.1.2). Solution: Update the WordPress WPTools Masonry Gallery & Posts For Divi plugin to the latest available version (at least 3.1.2)...
WordPress Restrict Posts based on Conditions – Conditional Post Restrictions plugin <= 1.1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Restrict Posts based on Conditions – Conditional Post Restrictions plugin (versions <= 1.1.2). Solution: Update the WordPress Restrict Posts based on Conditions – Conditional Post Restrictions plugin to the latest available versio...
WordPress Content Slider for WP Posts (Section Slider) plugin <= 0.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Content Slider for WP Posts (Section Slider) plugin (versions <= 0.0.0). Solution: No patched version available...
WordPress SV Posts plugin < 1.8.03 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress SV Posts plugin (versions < 1.8.03). Solution: Update the WordPress SV Posts plugin to the latest available version (at least 1.8.03)...