23 matches found
CVE-2025-67223
The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...
CVE-2025-14280
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-14280
The CVE concerns the WordPress PixelYourSite plugin. All versions up to 11.1.5 expose sensitive information via publicly accessible log files when the Meta API logs setting is enabled (default disabled). Unauthenticated attackers could read potentially sensitive data from those logs. A partial pa...
PT-2025-46264
Name of the Vulnerable Software and Affected Versions: Shelf Planner versions 2.7.0 and earlier. Description: The Shelf Planner plugin for WordPress has a flaw that could expose sensitive information. This is due to publicly exposed log files, potentially allowing unauthenticated attackers to view...
WordPress Content Writer plugin information disclosure vulnerability
WordPress Content Writer plugin is a WordPress plugin mainly used to help users manage website content creation efficiently, providing convenient content generation and publishing functions. WordPress Content Writer plugin has an information disclosure vulnerability that originates from...
CVE-2025-10486
The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-8484
CVE-2025-8484 affects the WordPress plugin Code Quality Control Tool (versions 0.1 and earlier) and is due to publicly exposed log files that allow unauthenticated viewing of potentially sensitive information. Wordfence Intelligence notes this as an exposed-information vulnerability with a CVSSv3...
CVE-2025-8484 Code Quality Control Tool <= 2.1 - Unauthenticated Information Exposure via Log Files
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
PT-2025-41676
Name of the Vulnerable Software and Affected Versions: Code Quality Control Tool versions 0.1 through 0.1. Description: The Code Quality Control Tool plugin for WordPress has a flaw that allows viewing of potentially sensitive information through publicly exposed log files. This impacts...
CVE-2025-10744
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and...
PT-2025-31593 · Github Actions · Rageagainstthepixel/Setup-Steamcmd
Summary: Log output includes authentication token that provides full account access. Details: The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
Mozilla: Microsoft `x-apikey` Exposed in Mozilla CI Public Logs
A Microsoft telemetry API key x-apikey was found exposed in publicly accessible Mozilla CI logs. The key appeared in HTTP POST requests sent to Microsoft's telemetry endpoint during automated Firefox testing and was captured via mitmproxy logs. The security impact was considered minimal as the...
Mozilla: Netlify Authentication Token Exposed in Public Mozilla CI Logs
A critical vulnerability was discovered involving the exposure of a Netlify authentication token within publicly accessible logs. The token provided full access to the "Mozilla IT Web SRE" Netlify account, bypassing all restrictions. The token's permissions encompassed roles such as Owner,...
PT-2024-38647 · WordPress · Pixelyoursite Pro +1
Name of the Vulnerable Software and Affected Versions: PixelYourSite – Your smart PIXEL TAG & API Manager versions up to and including 9.7.1 PixelYourSite PRO versions up to and including 10.4.2 Description: The vulnerability allows unauthenticated attackers to view potentially sensitive...
CVE-2024-6687
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender a...
CVE-2022-4149
The Netskope client service prior to R96 on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory C:\Users\Public\netSkope for a standard user. The files are created and written with a SYSTEM account except one file logplaceholder which inherits permission giving all...
WordPress Plugin Helpful information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
CVE-2021-25009
The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses...