12 matches found
PT-2024-21958 · Prestashop · Apaczka Plugin
Name of the Vulnerable Software and Affected Versions: Apaczka plugin for PrestaShop versions v1 through v4
Description: The issue is related to improper access control in the Apaczka plugin for PrestaShop, allowing unauthorized information gathering from saved templates without the need for...
Apaczka Security Vulnerability
Apaczka is a solution for managing a company's transportation process from Apaczka. A security vulnerability exists in Apaczka versions v1 through v4 that stems from allowing information to be collected from saved templates without authentication...
CVE-2023-5454
The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...
PT-2023-32113 · WordPress · Templately
Name of the Vulnerable Software and Affected Versions: Templately WordPress plugin versions prior to 2.2.6
Description: The issue concerns improper authorization of the saved-templates/delete API endpoint, allowing unauthenticated users to delete arbitrary posts.
Recommendations: For versions pri...
CVE-2021-24660
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode...
CVE-2021-24661
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID...
Default credentials
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID...
WordPress plugin PostX Gutenberg Blocks Saved Templates Addon Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin PostX...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin PostX, which stems from versions of the PostX Gutenberg Blocks for Post Grid WordPress plugin prior to 2.4.10 that enable the Saved Templates Addon, which allow...
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure
The plugin, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. If the post 1234, created by other users, is set as private, save gutenbergpostblocks id="1234...
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting
The plugin, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. PoC Create a page as any user with the following shortcode block: gutenbergpostblocks id='a"...
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure
The plugin, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. PoC If the post 1234, created by other users, is set as private, save gutenbergpostblocks...