34 matches found
PT-2025-33136 · WordPress · Ppwp – Password Protect Pages
Name of the Vulnerable Software and Affected Versions: PPWP – Password Protect Pages WordPress plugin versions prior to 1.9.11 Description: The PPWP – Password Protect Pages WordPress plugin prior to version 1.9.11 allows site content to be placed behind password authorization; however, users wit...
CVE-2025-6227
Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...
PT-2025-30028 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.7 Mattermost versions 9.11.x through 9.11.16 Description: Mattermost fails to negotiate a new token when accepting an invite. This allows a user who intercepts both the invite and the password to send...
CVE-2025-5920
CVE-2025-5920 affects the WordPress plugin Sharable Password Protected Posts (versions
WordPress plugin SureMembers 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
PT-2024-15951 · WordPress · Buddypress Members Only
Name of the Vulnerable Software and Affected Versions: BuddyPress Members Only plugin for WordPress versions up to, and including, 3.3.5 Description: The issue allows unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature and view...
PT-2024-18028 · WordPress · Cgc Maintenance Mode
Name of the Vulnerable Software and Affected Versions: CGC Maintenance Mode plugin for WordPress versions up to, and including, 1.2 Description: The issue allows unauthenticated attackers to view protected posts via the REST API, even when maintenance mode is enabled. This is possible due to...
WordPress Plugin Coming Soon Maintenance Mode Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2024-1476
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...
WordPress Plugin WordPress Access Control Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
StarWind Command Center 权限许可和访问控制问题漏洞
StarWind Command Center is a single management platform for managing and monitoring Ui from StarWind, Inc. designed to simplify and automate the control of day-to-day Hci routines. StarWind Command Center has a Privilege Permission and Access Control Issue vulnerability that stems from the fact...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform an XML External Entity XXE attack. This vulnerability is located in the way uploaded MP3 files are processed ...
VulnCheck KEV: CVE-2020-10257
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...
Fedora 24 : wordpress (2017-01c3288bef)
WordPress 4.7.1 Security and Maintenance Release This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues : - Remote code execution RCE in PHPMailer No specific iss...