CVE-2025-8091 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

CVE-2025-8091 EventON Lite <= 2.4.6 - Authenticated (Contributor+) Information Disclosure

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

PT-2025-33465 · WordPress · Eventon Lite

Name of the Vulnerable Software and Affected Versions: EventON Lite versions prior to 2.4.7 Description: The EventON Lite plugin for WordPress is vulnerable to Information Exposure in versions prior to 2.4.7 via the add single eventon and add eventon shortcodes. Insufficient restrictions on post...

CVE-2025-5920

The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...

WordPress plugin Sharable Password Protected Posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Sharable Password Protected Posts, which stems from the REST API exposing a key that can be exploited by an...

CVE-2024-3679

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...

CVE-2024-7417

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...

CVE-2024-3228

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts...

CVE-2024-6835

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajaxloadposts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the...

CVE-2024-4997

The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and page...

CVE-2024-10692

The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for...

CVE-2024-12103

The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eosdyngetcontent action due to insufficient restrictions on which posts can be included. This makes it possible for...

CVE-2024-10667

The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the csb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-0908

The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible...

CVE-2024-2795

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...

CVE-2023-4686

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

CVE-2023-7072

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

CVE-2023-1371

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them...

CVE-2023-0890

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or...

CVE-2023-25454

Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5...