Lucene search
+L

506 matches found

Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.10 views

PT-2024-15674

Name of the Vulnerable Software and Affected Versions The Simple Job Board plugin for WordPress versions up to, and including, 2.10.8 Description The issue allows unauthorized access to data due to insufficient authorization checking on the fetch quick job function. This makes it possible for...

5.3CVSS6.4AI score0.00909EPSS
Exploits0References6
OSV
OSV
added 2024/02/12 4:15 p.m.5 views

CVE-2024-0421

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts...

5.3CVSS5.9AI score0.00568EPSS
Exploits2References1
Prion
Prion
added 2024/02/12 4:15 p.m.19 views

Code injection

The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts...

7.3AI score0.00568EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/02/12 4:5 p.m.16 views

CVE-2024-0421 MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts...

5.4AI score0.00568EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/02/12 12:0 a.m.12 views

WordPress Plugin MapPress Maps Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...

5.3CVSS6.7AI score0.00568EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.15 views

PT-2024-15544 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.88.16 Description: The issue affects the MapPress Maps for WordPress plugin, allowing unauthenticated users to read arbitrary private and draft posts due to an Insecure Direct Object Reference...

5.3CVSS7.4AI score0.00568EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.9 views

PT-2024-15006 · WordPress · The Events Calendar

Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions up to, and including, 6.2.8.2 Description: The issue allows unauthenticated attackers to extract potentially sensitive data, including post titles and IDs of pending, private, and draft posts,...

5.3CVSS9.7AI score0.00562EPSS
Exploits0References7
NVD
NVD
added 2024/01/29 3:15 p.m.25 views

CVE-2023-7199

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...

5.3CVSS5.2AI score0.00616EPSS
Exploits2References2
OSV
OSV
added 2024/01/29 3:15 p.m.5 views

CVE-2023-7199

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...

5.3CVSS5.8AI score0.00616EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.6 views

WordPress plugin Relevanssi security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. The WordPress plugin Relevanssi version...

5.3CVSS6.7AI score0.00616EPSS
Exploits2References3
OSV
OSV
added 2024/01/16 4:15 p.m.4 views

CVE-2023-5922

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...

7.5CVSS5.9AI score0.0071EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:57 p.m.7 views

CVE-2023-5922 Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...

7.6AI score0.0071EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

The Events Calendar < 6.2.9 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wpajaxnoprivtribedropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and I...

5.3CVSS6.4AI score0.00562EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/12/18 8:15 p.m.19 views

CVE-2023-6077

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protect...

6.5CVSS0.00665EPSS
Exploits2References1
OSV
OSV
added 2023/12/18 8:15 p.m.6 views

CVE-2023-6077

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protect...

6.5CVSS5.9AI score0.00665EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.17 views

Yet Another Stars Rating < 3.4.4 - Missing Authorization via init

Description The Yet Another Stars Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the init function in versions up to, and including, 3.4.3. This makes it possible for unauthenticated attackers to vote on private or nonexistent posts...

7AI score0.00431EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2023/11/21 4:32 a.m.8 views

Automattic: Timeline API returns private post when target of a push notification

The Timeline API was able to return private posts when the target of a push notification, even though the user did not have access to the post...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.13 views

WordPress 4.6.x < 4.6.27 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

6.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.9 views

WordPress 4.5.x < 4.5.30 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

6.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.15 views

WordPress 5.0.x < 5.0.20 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

6.6AI score
Exploits0References2
Rows per page
Query Builder