4963 matches found
CVE-2024-25651
CVE-2024-25651 affects Delinea PAM Secret Server 11.4. The authentication REST API is vulnerable to user enumeration: responses from the /oauth2/token endpoint differ for valid versus invalid usernames, allowing a remote attacker to determine valid users. Root cause: differing handling of authent...
CVE-2024-25650
CVE-2024-25650 describes an insecure key exchange between Delinea PAM Secret Server 11.4 and Distributed Engine 8.4.3, where a PAM administrator can obtain the Symmetric Key used to encrypt RabbitMQ messages by crafting payloads to the REST endpoints “/pre-authenticate”, “/authenticate”, and “/ex...
PT-2024-21066 · Delinea · Delinea Pam Secret Server
Name of the Vulnerable Software and Affected Versions: Delinea PAM Secret Server version 11.4 Distributed Engine version 8.4.3 Description: The issue allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the "/pre-authenticate",...
CVE-2024-1763
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...
CVE-2024-1763
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...
CVE-2024-1462
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
CVE-2024-1083
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content...
CVE-2024-0681
The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it...
Design/Logic Flaw
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...
Code injection
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content...
Code injection
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
Information disclosure
The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it...
CVE-2024-0681
The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it...
CVE-2024-0681
CVE-2024-0681 affects the WordPress plugin Page Restriction WordPress (WP) – Protect WP Pages/Post . It discloses information by failing to restrict access to private pages via the REST API in all versions up to 1.3.4. The underlying issue is improper REST API access control, allowing unauthentic...
CVE-2024-0681 Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass
The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it...
CVE-2024-1083
CVE-2024-1083 refers to the WordPress plugin Simple Restrict (affected versions:
CVE-2024-1083
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content...
CVE-2024-1083 Simple Restrict <= 1.2.6 - Missing Authorization to Sensitive Information Exposure
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content...
CVE-2024-1462
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
CVE-2024-1462 Maintenance Page <= 1.0.8 - Security Mechanism Bypass via REST API
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...