84 matches found
EUVD-2022-48004
Malicious code in bioql PyPI...
EUVD-2024-29321
Malicious code in bioql PyPI...
EUVD-2023-51767
Malicious code in bioql PyPI...
CVE-2024-31432
Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8...
WordPress Restrict Content plugin <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability
Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Restrict Content versions = 3.2.13...
CVE-2024-11090
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have bee...
WordPress plugin Membership Plugin – Restrict Content 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...
PT-2025-1619 · WordPress · Membership Plugin – Restrict Content
Name of the Vulnerable Software and Affected Versions: The Membership Plugin – Restrict Content plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Liquidweb Restrict_Content
CVE-2023-47668 Description Exposure of Sensitive Informati...
CVE-2024-31432
Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8...
CVE-2024-31432
CVE-2024-31432 is a Missing Authorization vulnerability in the StellarWP Restrict Content plugin for WordPress, affecting versions up to 3.2.8. From the provided documents, exploitation details are not disclosed, but the issue allows unauthorized access to restricted content. Remediation, per the...
WordPress Restrict Content plugin <= 3.2.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Restrict Content versions = 3.2.8...
WordPress Restrict Content Plugin <= 3.2.8 is vulnerable to Broken Access Control
Software Restrict Content Type Plugin Vulnerable versions = 3.2.8 Fixed in 3.2.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31432 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 602787f07d5a Credits Dhabaleshwar Das Required...
Cross site scripting
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.15.1 due to insufficient input sanitizati...
Cross site scripting
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to insufficient...
CVE-2024-1535
ProfilePress WordPress plugin (formerly named ProfilePress/Restrict Content) is affected by CVE-2024-1535. According to the sources, versions up to 4.15.2 are vulnerable to stored cross-site scripting via the plugin’s shortcodes due to insufficient input sanitization and output escaping on user-s...
CVE-2024-1408
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...
Cross site scripting
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
Cross site scripting
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient...
CVE-2024-1570
Affected software: ProfilePress (WordPress plugin) ≤ 4.14.4. Vulnerability: Stored Cross-Site Scripting via the login-password shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: Authenticated attackers with contributor-level permissions (o...