CVE-2026-6895 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_export_settings' AJAX Action
The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...
WordPress Virusdie plugin <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability
Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability discovered by Sushi Com Abacate in WordPress Plugin Virusdie versions <= 1.1.7...
IBM: SSRF and secret key disclosure found on Turbonomic endpoint
The vulnerability of SSRF and secret key disclosure was found on a Turbonomic endpoint and reported to IBM. The issue was analyzed and remediated...
IBM: SSRF and secret key disclosure found on Turbonomic endpoint
The SSRF and secret key disclosure vulnerabilities found on the Turbonomic endpoint were reported to IBM, analyzed, and remediated...
CVE-2023-0443 AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure
The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked...
CVE-2021-24163 Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...
CVE-2021-21387
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...
CVE-2021-21387 Partial secret key disclosure, improper safety number calculation, & inadequate encryption strength
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...
The vulnerability of Infineon’s RSA Library, related to errors in generating prime numbers in the RSA algorithm, allows a perpetrator to disclose the secret part of the key.
The vulnerability of Infineon’s RSA Library is related to errors in generating prime numbers using the RSA algorithm. Exploiting this vulnerability could allow a malicious actor to disclose the secret part of the key...
Atlassian Confluence Server 5.10.x < 5.10.4 Secret Key Disclosure
Binary data 9650.prm...
Atlassian Confluence Server 5.9.x < 5.9.14 Secret Key Disclosure
Binary data 9649.prm...