Lucene search
K

80 matches found

Cvelist
Cvelist
added 2024/02/03 5:38 a.m.35 views

CVE-2024-0909 Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass

The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticat...

5.3CVSS7.4AI score0.00608EPSS
Exploits0References3
NVD
NVD
added 2023/11/20 6:15 p.m.36 views

CVE-2023-48240

XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other...

9CVSS0.0071EPSS
Exploits0References3
OSV
OSV
added 2023/08/30 3:15 p.m.4 views

CVE-2023-4036

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...

4.3CVSS5.9AI score0.00453EPSS
Exploits2References1
OSV
OSV
added 2023/06/27 2:15 a.m.12 views

CVE-2023-3371

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References6
NVD
NVD
added 2023/06/27 2:15 a.m.26 views

CVE-2023-3371

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view...

7.5CVSS6AI score0.00544EPSS
Exploits0References6
Prion
Prion
added 2023/06/27 2:15 a.m.15 views

Hardcoded credentials

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

5CVSS7.5AI score0.00544EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2023/05/17 12:0 a.m.21 views

WordPress Web Stories Plugin < 1.32 Incorrect Authorization Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:webstories"; ifdescription...

6.5CVSS5.8AI score0.00442EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/07 9:7 p.m.6 views

CVE-2023-1263 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmpgetpostdetail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even wh...

5.3CVSS6.6AI score0.01414EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.5 views

WordPress plugin PostX Gutenberg Blocks Saved Templates Addon 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin PostX...

4.3CVSS5.2AI score0.00739EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2020/04/09 12:0 a.m.6 views

Protected content playback errors on Windows 8 or Windows Server 2012 after you install KB 2756872

Protected content playback errors on Windows 8 or Windows Server 2012 after you install KB 2756872 Symptoms Consider the following scenario: You have a computer that is running Windows 8 or Windows Server 2012. You install the update in the following Microsoft Knowledge Base article: 2756872...

6.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/02/04 12:0 a.m.34 views

Directory Listing

Web servers permitting directory listing are typically used for sharing files. Directory listing allows the client to view a simple list of all the files and folders hosted on the web server. The client is then able to traverse each directory and download the files. Cyber-criminals will utilise t...

7.1AI score
Exploits0References1
seebug.org
seebug.org
added 2017/04/10 12:0 a.m.43 views

dnaLIMS Code Execution / XSS / Traversal / Session Hijacking (CVE-2017-6526)

dnaLIMS Code Execution / XSS / Traversal / Session Hijacking web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017 Vendor: dnaTools, Inc. CVE IDs: 2017-6526, 2017-6527, 2017-6528, 2017-6529 USCERT VU: 929263...

10CVSS8.6AI score0.574EPSS
Exploits16
Packet Storm
Packet Storm
added 2017/03/10 12:0 a.m.60 views

dnaLIMS Code Execution / XSS / Traversal / Session Hijacking

Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017 Vendor: dnaTools, Inc. CVE IDs: 2017-6526, 2017-6527, 2017-6528, 2017-6529 USCERT VU:...

0.9AI score0.574EPSS
Exploits16
Exploit DB
Exploit DB
added 2017/03/10 12:0 a.m.62 views

dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting

Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017 Vendor: dnaTools, Inc. CVE IDs: 2017-6526, 2017-6527, 2017-6528, 2017-6529 USCERT VU:...

10CVSS8.1AI score0.574EPSS
Exploits16
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/31 4:48 a.m.1 views

All in One SEO Pack information management vulnerability

Overview All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected,...

5CVSS6.5AI score0.03029EPSS
Exploits0References6
OPENSUSE Linux
OPENSUSE Linux
added 2014/02/08 1:4 p.m.71 views

Mozilla updates February 2014 (important)

Updates for mozilla-nss 3.15.4 MozillaFirefox 24.3.0esr MozillaThunderbird 24.3.0 including fixes for the following issues: MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards rv:27.0 / rv:24.3 MFSA 2014-02/CVE-2014-1479 bmo911864 Clone protected content with XBL scopes...

10CVSS2AI score0.07072EPSS
Exploits11References1
RedHat Linux
RedHat Linux
added 2014/02/04 8:16 p.m.5 views

Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)

The System Only Wrapper SOW implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS7AI score0.04602EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/02/04 7:56 p.m.5 views

Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)

The System Only Wrapper SOW implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS7AI score0.04602EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2014/02/04 12:0 a.m.51 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-01 Miscellaneous memory safety hazards rv:27.0 / rv:24.3 MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-05 Information...

10CVSS9.1AI score0.07072EPSS
Exploits11References13
Tenable Nessus
Tenable Nessus
added 2012/02/16 12:0 a.m.106 views

Oracle WebCenter Content Default Administration Credentials

Nessus was able to login to Oracle WebCenter Content using a default set of administrative credentials. A remote attacker could utilize these credentials to view and delete protected content or change the content server configuration. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5.5AI score
Exploits0References1
Rows per page
Query Builder