Lucene search
+L

506 matches found

ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.6 views

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages including private and draft into an arbitrary CSV file, which the attacker can then download and retrieve the list of...

6.5CVSS6.8AI score0.00635EPSS
Exploits1References2
OSV
OSV
added 2022/04/11 3:15 p.m.8 views

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages including private and draft into an arbitrary CSV file, which the attacker can then download and retrieve the list of...

6.5CVSS5.9AI score0.00635EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.34 views

WordPress Document Embedder plugin information leakage vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...

5CVSS1.8AI score0.01327EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/02/01 1:15 p.m.3 views

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

4.3CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2022/02/01 1:15 p.m.30 views

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5.3CVSS0.01327EPSS
Exploits2References1
NVD
NVD
added 2022/02/01 1:15 p.m.28 views

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

4.3CVSS0.00891EPSS
Exploits2References1
OSV
OSV
added 2022/02/01 1:15 p.m.7 views

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5.3CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2022/02/01 1:15 p.m.19 views

Design/Logic Flaw

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5CVSS5.4AI score0.01327EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/01 12:21 p.m.32 views

CVE-2021-24868 Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

5AI score0.00891EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.8 views

WordPress 安全漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...

5.3CVSS5.8AI score0.01327EPSS
Exploits2References2
OSV
OSV
added 2022/01/10 4:15 p.m.4 views

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...

7.5CVSS5.8AI score0.01815EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/01/10 12:0 a.m.8 views

PT-2022-9522 · WordPress · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor - Pro WordPress plugin versions prior to 5.0.7 Description: The issue concerns the lack of validation for the qvquery parameter in the tp get dl post info ajax AJAX action. This could potentially allow...

7.5CVSS7.5AI score0.01815EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2022/01/03 12:0 a.m.21 views

Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. PoC https://example.com/wp-json/doc/v1/single/509 509 being the ID of a private/draft Post...

5.3CVSS1.5AI score0.01327EPSS
Exploits2Affected Software1
NVD
NVD
added 2021/12/21 9:15 a.m.14 views

CVE-2021-24739

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

8.1CVSS0.01006EPSS
Exploits2References1
OSV
OSV
added 2021/12/21 9:15 a.m.6 views

CVE-2021-24739

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

8.1CVSS5.9AI score0.01006EPSS
Exploits2References1
Prion
Prion
added 2021/12/21 9:15 a.m.17 views

Design/Logic Flaw

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

5.5CVSS8AI score0.01006EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.4 views

WordPress 插件授权问题漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Logo Carousel plugin is vulnerable to authorization issues in versions prior to 3.4.2. The...

8.1CVSS5.9AI score0.01006EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/12/21 12:0 a.m.7 views

PT-2021-16240 · WordPress · Logo Carousel

Name of the Vulnerable Software and Affected Versions: Logo Carousel WordPress plugin versions prior to 3.4.2 Description: The issue allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

8.1CVSS8AI score0.01006EPSS
Exploits2References4
OSV
OSV
added 2021/12/13 11:15 a.m.3 views

CVE-2021-24780

The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able...

4.3CVSS5.9AI score0.00435EPSS
Exploits2References1
OSV
OSV
added 2021/12/13 11:15 a.m.5 views

CVE-2021-24819

The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as...

4.3CVSS5.8AI score0.00783EPSS
Exploits2References1
Rows per page
Query Builder