CVE-2024-2795

CVE-2024-2795 pertains to the SEO SIMPLE PACK WordPress plugin and describes an Information Exposure vulnerability in all versions up to 3.2.1. According to connected sources, the issue arises via the META description, allowing unauthenticated attackers to extract limited information about passwo...

CVE-2024-2795 SEO SIMPLE PACK <= 3.2.1 - Information Exposure

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...

CVE-2024-5615

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraphdefaultdescription' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...

WPUpper Share Buttons <= 3.43 - Missing Authorization

Description The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected...

CVE-2024-3626

CVE-2024-3626: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin has a Missing Authorization flaw in get_template_content that allows authenticated users with subscriber access and above to read private and password‑protected po...

CVE-2024-3312

The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...

CVE-2023-6962

The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of...

CVE-2024-3312

CVE-2024-3312 affects the Easy Custom Auto Excerpt WordPress plugin (versions up to 2.4.12). It allows unauthenticated attackers to obtain excerpts from password-protected posts, constituting Sensitive Information Exposure. CVSS v3.1 is 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (base score 5.3, Med...

CVE-2024-3312 Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure

The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...

CVE-2024-3312 Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure

The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...

CVE-2023-6962 WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description

The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of...

CVE-2023-6962 WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description

The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of...

CVE-2023-6962

CVE-2023-6962 affects the WP Meta SEO WordPress plugin, with a Sensitive Information Exposure vulnerability present in all versions up to and including 4.5.12, allowing unauthenticated attackers to disclose sensitive data via the meta description of password-protected posts. The linked records co...

PT-2024-15912 · WordPress · The Advanced Post Block – Display Posts

Name of the Vulnerable Software and Affected Versions: The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress versions up to, and including, 1.13.1 Description: The issue is related to unauthorized access of data due to a missing capability check on the...

PT-2024-25121 · WordPress · Easy Custom Auto Excerpt

Name of the Vulnerable Software and Affected Versions: Easy Custom Auto Excerpt plugin for WordPress versions up to, and including, 2.4.12 Description: The issue allows unauthenticated attackers to obtain excerpts of password-protected posts, potentially exposing sensitive information...

CVE-2024-3678 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts...

CVE-2024-3678 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts...

Easy Custom Auto Excerpt < 2.5.0 - Sensitive Information Exposure

Description The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...

WP Meta SEO < 4.5.13 - Unauthenticated Password Protected Content Access

Description The plugin is vulnerable to Sensitive Information Exposure via the meta description, allowing unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts...

WordPress Combo Blocks plugin < 2.2.76 - Unauthenticated Password Protected Posts Access vulnerability

Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Post Grid and Gutenberg Blocks versions 2.2.76...