Password Protected Store for WooCommerce < 2.3 - Unauthenticated Arbitrary Post Tile & Content Access

Description The plugin is vulnerable to Sensitive Information Exposure via the REST API, allowing unauthenticated attackers to extract sensitive data including post titles and content...

Improper Authentication

ZenML Server is vulnerable to Improper Authentication. The vulnerability is due to the REST API /api/v1/users/usernameorid/activate allows access on the basis of a valid username along with a new password in the request body. An attacker can exploit this to mount remote privilege escalation...

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...

CVE-2024-1472

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

CVE-2024-1475

The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the...

CVE-2024-1472

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

CVE-2024-0978

The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content...

Design/Logic Flaw

The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the...

Information disclosure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

Design/Logic Flaw

The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content...

WordPress Plugin Coming Soon Maintenance Mode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Wp Social Login and Register Social Counter < 3.0.1 - Missing Authorization to Unauthenticated Social Login/Share Status Update

Description The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated...

WordPress Plugin WP Maintenance Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

CVE-2024-24772

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, whi...

Code injection

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, whi...

CVE-2024-24772

CVE-2024-24772 affects Apache Superset prior to 3.0.4 and 3.1.0–3.1.0.1, where a guest user could exploit the Chart Data REST API to send arbitrary SQL statements; on error, information could be leaked from the analytics database. Root cause: improper handling/neutralization of SQL in the chart d...

CVE-2024-1476

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...

CVE-2024-0975

The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature when unset and view...

CVE-2024-1476

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...

CVE-2024-0680

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...