Lucene search
K

34 matches found

Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.5 views

PT-2025-33136 · WordPress · Ppwp – Password Protect Pages

Name of the Vulnerable Software and Affected Versions: PPWP – Password Protect Pages WordPress plugin versions prior to 1.9.11 Description: The PPWP – Password Protect Pages WordPress plugin prior to version 1.9.11 allows site content to be placed behind password authorization; however, users wit...

6.5CVSS6.3AI score0.0029EPSS
Exploits1References6
NVD
NVD
added 2025/07/18 12:15 p.m.21 views

CVE-2025-6227

Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

3.1CVSS0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/18 12:0 a.m.4 views

PT-2025-30028 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.7 Mattermost versions 9.11.x through 9.11.16 Description: Mattermost fails to negotiate a new token when accepting an invite. This allows a user who intercepts both the invite and the password to send...

2.2CVSS6.4AI score0.00175EPSS
Exploits0References9
CVE
CVE
added 2025/07/04 9:52 a.m.22 views

CVE-2025-5920

CVE-2025-5920 affects the WordPress plugin Sharable Password Protected Posts (versions

7.5CVSS6.6AI score0.0038EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.7 views

WordPress plugin SureMembers 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

5.3CVSS7.9AI score0.00511EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.5 views

PT-2024-15951 · WordPress · Buddypress Members Only

Name of the Vulnerable Software and Affected Versions: BuddyPress Members Only plugin for WordPress versions up to, and including, 3.3.5 Description: The issue allows unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature and view...

5.3CVSS7.1AI score0.00443EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.6 views

PT-2024-18028 · WordPress · Cgc Maintenance Mode

Name of the Vulnerable Software and Affected Versions: CGC Maintenance Mode plugin for WordPress versions up to, and including, 1.2 Description: The issue allows unauthenticated attackers to view protected posts via the REST API, even when maintenance mode is enabled. This is possible due to...

5.3CVSS9.4AI score0.00425EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.6 views

WordPress Plugin Coming Soon Maintenance Mode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.3AI score0.00461EPSS
Exploits0References3
OSV
OSV
added 2024/02/28 9:15 a.m.4 views

CVE-2024-1476

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...

5.3CVSS5.8AI score0.00479EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.7 views

WordPress Plugin WordPress Access Control Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

5.3CVSS6.3AI score0.00517EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.6 views

StarWind Command Center 权限许可和访问控制问题漏洞

StarWind Command Center is a single management platform for managing and monitoring Ui from StarWind, Inc. designed to simplify and automate the control of day-to-day Hci routines. StarWind Command Center has a Privilege Permission and Access Control Issue vulnerability that stems from the fact...

9CVSS8.2AI score0.01121EPSS
Exploits0References3
NCSC
NCSC
added 2021/04/16 12:0 a.m.5 views

Vulnerabilities fixed in WordPress

WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform an XML External Entity XXE attack. This vulnerability is located in the way uploaded MP3 files are processed ...

6.9AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2020/03/09 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...

9.8CVSS7.3AI score0.08877EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2017/01/23 12:0 a.m.29 views

Fedora 24 : wordpress (2017-01c3288bef)

WordPress 4.7.1 Security and Maintenance Release This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues : - Remote code execution RCE in PHPMailer No specific iss...

6AI score
Exploits0References3
Rows per page
Query Builder