Lucene search
K

60 matches found

Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.7 views

PT-2024-16886 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.4 Description: The vulnerability allows unauthenticated attackers to extract sensitive...

5.3CVSS9.4AI score0.00457EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/12/17 12:0 a.m.6 views

PT-2024-16889 · WordPress · Memberful

Name of the Vulnerable Software and Affected Versions: Memberful plugin for WordPress versions up to, and including, 1.73.9 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as site members, via the WordPress core...

5.3CVSS9.6AI score0.00452EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/12/17 12:0 a.m.7 views

PT-2024-16881 · WordPress · Ppwp – Password Protect Pages

Name of the Vulnerable Software and Affected Versions: PPWP – Password Protect Pages plugin for WordPress versions up to, and including, 1.9.5 Description: The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure via the WordPress core search feature...

5.3CVSS9.6AI score0.00402EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.7 views

PT-2024-16697 · WordPress · Members – Membership & User Role Editor Plugin

Name of the Vulnerable Software and Affected Versions: Members – Membership & User Role Editor Plugin versions up to, and including, 3.2.10 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as administrators, via th...

5.3CVSS6.9AI score0.00366EPSS
Exploits0References6
OSV
OSV
added 2024/11/27 6:15 a.m.3 views

CVE-2024-11083

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS5.8AI score0.00399EPSS
Exploits0References2
OSV
OSV
added 2024/11/21 2:15 p.m.4 views

CVE-2024-11088

The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

7.5CVSS5.8AI score0.00619EPSS
Exploits0References2
OSV
OSV
added 2024/11/21 2:15 p.m.3 views

CVE-2024-11089

The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been...

5.3CVSS7.3AI score
Exploits0References2
NVD
NVD
added 2024/11/09 7:15 a.m.11 views

CVE-2024-10688

The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.8 views

PT-2024-16463 · WordPress · Attesa Extra

Name of the Vulnerable Software and Affected Versions: Attesa Extra plugin for WordPress versions up to, and including, 1.4.2 Description: The issue concerns insufficient restrictions on which posts can be included via the attesa-template shortcode, leading to Information Exposure. This allows...

4.3CVSS7.1AI score0.00294EPSS
Exploits0References9
OSV
OSV
added 2024/01/15 4:15 p.m.3 views

CVE-2023-5905

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

8.1CVSS5.8AI score0.00579EPSS
Exploits2References1
NVD
NVD
added 2024/01/15 4:15 p.m.29 views

CVE-2023-5905

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

8.1CVSS8AI score0.00579EPSS
Exploits2References1
Prion
Prion
added 2024/01/15 4:15 p.m.21 views

Authorization

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

5.5CVSS6.9AI score0.00579EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/15 12:0 a.m.10 views

PT-2024-14841 · WordPress · Demomentsomtres Wordpress Export Posts With Images

Name of the Vulnerable Software and Affected Versions: DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 Description: The issue allows any logged-in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as wel...

8.1CVSS7.9AI score0.00579EPSS
Exploits2References5
NVD
NVD
added 2007/07/11 5:30 p.m.21 views

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

7.8CVSS6.7AI score0.01784EPSS
Exploits0References8
NVD
NVD
added 2007/07/11 5:30 p.m.16 views

CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

7.8CVSS6.7AI score0.01784EPSS
Exploits0References8
Prion
Prion
added 2007/07/11 5:30 p.m.14 views

Design/Logic Flaw

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

7.8CVSS7.2AI score0.01784EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2007/07/11 5:0 p.m.19 views

CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

6.7AI score0.01784EPSS
Exploits0References8
Cvelist
Cvelist
added 2007/07/11 5:0 p.m.30 views

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

6.7AI score0.01784EPSS
Exploits0References8
CVE
CVE
added 2007/07/11 5:0 p.m.40 views

CVE-2007-3689

The CVE-2007-3689 issue affects Drupal’s Print module (pre-4.7-1.0 and pre-5.x-1.2). The underlying flaw allows remote attackers to read restricted posts via modified URL arguments in node access modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite (and others). This ...

7.8CVSS6.7AI score0.01784EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2007/07/11 5:0 p.m.49 views

CVE-2007-3690

CVE-2007-3690 affects Drupal’s Forward module (before 4.7-1.1 and before 5.x-1.0 for 5.x) where remote attackers can read restricted posts in modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite by supplying modified URL arguments. The vulnerability is a cross-module ...

7.8CVSS6.7AI score0.01784EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder