Lucene search
+L

506 matches found

CNNVD
CNNVD
added 2021/12/13 12:0 a.m.6 views

WordPress 插件安全漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Page/Post Content Shortcode plugin in and prior versions is vulnerable to an authorization...

4.3CVSS5.7AI score0.00783EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/11/17 12:0 a.m.14 views

PT-2021-16333 · WordPress · Insert Pages

Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.0 Description: The issue allows users with a role as low as Contributor to access content and metadata from arbitrary posts or pages, regardless of their author and status, including private...

4.3CVSS4.6AI score0.00913EPSS
Exploits2References4
OSV
OSV
added 2021/11/08 6:15 p.m.5 views

CVE-2021-24840

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5.3CVSS5.8AI score0.01131EPSS
Exploits2References1
NVD
NVD
added 2021/11/08 6:15 p.m.20 views

CVE-2021-24840

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5.3CVSS0.01131EPSS
Exploits2References1
Prion
Prion
added 2021/11/08 6:15 p.m.16 views

Design/Logic Flaw

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5CVSS5.2AI score0.01131EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/08 5:35 p.m.21 views

CVE-2021-24840 Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5.5AI score0.01131EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/10/26 12:0 a.m.21 views

Bulk Datetime Change < 1.12 - Missing Authorisation

The plugin does not enforce capability checks which allows users with Contributor roles to 1 list private post titles of other users and 2 change the posted date of other users' posts. PoC Run on "Bulk Datetime Change" page:...

5.5CVSS5.5AI score0.00699EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2021/10/18 2:15 p.m.14 views

CVE-2021-24677

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles...

5.3CVSS0.01212EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/10/18 1:45 p.m.17 views

CVE-2021-24677 Find My Blocks < 3.4.0 - Private Post Titles Disclosure

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles...

5.6AI score0.01212EPSS
Exploits2References1
CVE
CVE
added 2021/10/18 1:45 p.m.82 views

CVE-2021-24677

The CVE concerns the WordPress plugin Find My Blocks prior to version 3.4.0, where the REST API lacks authorization checks. This allows unauthenticated users to enumerate titles of private posts via the plugin’s REST endpoints (e.g., private post title disclosure). Impact is limited to affected s...

5.3CVSS5.2AI score0.01212EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/11 12:0 a.m.18 views

Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

The theme allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request. PoC POST /wp-json/csco/v1/more-posts Accept:...

5.3CVSS2.3AI score0.01131EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/10/11 12:0 a.m.176 views

Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

The theme allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request. POST /wp-json/csco/v1/more-posts Accept:...

5.3CVSS2.3AI score0.01131EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/09/15 12:0 a.m.16 views

Find My Blocks < 3.4.0 - Private Post Titles Disclosure

The plugin does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles. PoC Create a private post with at least one Gutenburg paragraph block and go to https://example.com/wp-json/find-my-blocks/blocks/?name=core/paragraph...

5.3CVSS0.8AI score0.01212EPSS
Exploits2Affected Software1
Wired Threat Level
Wired Threat Level
added 2021/03/01 2:0 a.m.52 views

Far-Right Platform Gab Has Been Hacked—Including Private Data

The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists...

2.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/05/18 12:0 a.m.57 views

WordPress 5.3.x < 5.3.3 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...

8.7CVSS6AI score0.13625EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2020/05/18 12:0 a.m.28 views

WordPress 3.7.x < 3.7.33 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...

8.7CVSS6AI score0.13625EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2020/05/18 12:0 a.m.24 views

WordPress 4.9.x < 4.9.14 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...

8.7CVSS6AI score0.13625EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2020/05/18 12:0 a.m.19 views

WordPress 4.3.x < 4.3.23 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...

8.7CVSS6AI score0.13625EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2020/05/18 12:0 a.m.14 views

WordPress 4.0.x < 4.0.30 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...

8.7CVSS6AI score0.13625EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2020/05/18 12:0 a.m.21 views

WordPress 4.7.x < 4.7.17 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...

8.7CVSS6AI score0.13625EPSS
Exploits3References8
Rows per page
Query Builder