Lucene search
K

29 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-54837

Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...

7.5CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39680

Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-54837

The WordPress plugin All-In-One Intranet (Intranet & Private Site) <= 1.8.1 exposes unauthenticated Broken Access Control. Affected software is the All-In-One Intranet WordPress plugin (version

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-17413

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00448EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-24916

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00412EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-16688

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00468EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.8 views

CVE-2024-0978

The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content...

5.3CVSS6.7AI score0.00461EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.11 views

CVE-2022-1627

The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS6.7AI score0.00412EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:42 a.m.11 views

CVE-2024-45051

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

8.2CVSS6.9AI score0.00366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.12 views

CVE-2024-1678 Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API

The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...

5.3CVSS5.8AI score0.00448EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.78 views

CVE-2024-1678

The connected sources confirm CVE-2024-1678 affects the Subway – Private Site Option WordPress plugin and enables Sensitive Information Exposure via the REST API in all versions up to 2.1.4. The vulnerability allows unauthenticated attackers to bypass the plugin’s private-site feature and access ...

5.3CVSS9.2AI score0.00448EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.17 views

CVE-2024-1678 Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API

The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...

5.3CVSS6.5AI score0.00448EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-18214 · WordPress · The Subway – Private Site Option

Name of the Vulnerable Software and Affected Versions: The Subway – Private Site Option plugin for WordPress versions up to, and including, 2.1.4 Description: The issue allows unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content via the...

5.3CVSS7AI score0.00448EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/04/30 7:52 a.m.5 views

WordPress Subway – Private Site Option plugin <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API vulnerability

Improper Access Control to Sensitive Information Exposure via REST API vulnerability discovered by Francesco Carlucci in WordPress Plugin Subway – Private Site Option versions = 2.1.4...

5.3CVSS6.8AI score0.00448EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/30 12:0 a.m.8 views

WordPress Subway – Private Site Option Plugin <= 2.1.4 is vulnerable to Sensitive Data Exposure

Software Subway – Private Site Option Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1678 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2690fc946af0 Credits Francesco Carlucc...

5.3CVSS6.5AI score0.00448EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.23 views

Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API

Description The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page...

5.3CVSS6.8AI score0.00448EPSS
Exploits0References1
OSV
OSV
added 2024/03/12 9:15 a.m.3 views

CVE-2024-0906

The fx Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin...

5.3CVSS5.6AI score0.00468EPSS
Exploits0References2
CVE
CVE
added 2024/03/12 8:34 a.m.94 views

CVE-2024-0906

CVE-2024-0906 concerns the WordPress plugin “f(x) Private Site.” The vulnerability allows unauthenticated attackers to access page and post contents protected by the plugin via the plugin’s API. Affected are all versions up to and including 1.2.1. The included Red Hat advisory corroborates the sa...

5.3CVSS6AI score0.00468EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.6 views

WordPress Plugin fx Private Site Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

5.3CVSS6.6AI score0.00468EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/03/12 12:0 a.m.10 views

WordPress f(x) Private Site Plugin <= 1.2.1 is vulnerable to Sensitive Data Exposure

Software fx Private Site Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0906 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 800faead5d18 Credits Francesco Carlucci Required...

5.3CVSS6.5AI score0.00468EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder