29 matches found
CVE-2026-54837
Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...
EUVD-2026-39680
Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...
CVE-2026-54837
The WordPress plugin All-In-One Intranet (Intranet & Private Site) <= 1.8.1 exposes unauthenticated Broken Access Control. Affected software is the All-In-One Intranet WordPress plugin (version
EUVD-2024-17413
Malicious code in bioql PyPI...
EUVD-2022-24916
Malicious code in bioql PyPI...
EUVD-2024-16688
Malicious code in bioql PyPI...
CVE-2024-0978
The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content...
CVE-2022-1627
The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-45051
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...
CVE-2024-1678 Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...
CVE-2024-1678
The connected sources confirm CVE-2024-1678 affects the Subway – Private Site Option WordPress plugin and enables Sensitive Information Exposure via the REST API in all versions up to 2.1.4. The vulnerability allows unauthenticated attackers to bypass the plugin’s private-site feature and access ...
CVE-2024-1678 Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...
PT-2024-18214 · WordPress · The Subway – Private Site Option
Name of the Vulnerable Software and Affected Versions: The Subway – Private Site Option plugin for WordPress versions up to, and including, 2.1.4 Description: The issue allows unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content via the...
WordPress Subway – Private Site Option plugin <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API vulnerability
Improper Access Control to Sensitive Information Exposure via REST API vulnerability discovered by Francesco Carlucci in WordPress Plugin Subway – Private Site Option versions = 2.1.4...
WordPress Subway – Private Site Option Plugin <= 2.1.4 is vulnerable to Sensitive Data Exposure
Software Subway – Private Site Option Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1678 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2690fc946af0 Credits Francesco Carlucc...
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
Description The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page...
CVE-2024-0906
The fx Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin...
CVE-2024-0906
CVE-2024-0906 concerns the WordPress plugin “f(x) Private Site.” The vulnerability allows unauthenticated attackers to access page and post contents protected by the plugin via the plugin’s API. Affected are all versions up to and including 1.2.1. The included Red Hat advisory corroborates the sa...
WordPress Plugin fx Private Site Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...
WordPress f(x) Private Site Plugin <= 1.2.1 is vulnerable to Sensitive Data Exposure
Software fx Private Site Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0906 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 800faead5d18 Credits Francesco Carlucci Required...