Lucene search
+L

11 matches found

nvd
nvd
added 11 hours ago4 views

CVE-2026-12906

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...

2.7CVSS
Exploits0References1
euvd
euvd
added 13 hours ago5 views

EUVD-2026-44879

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...

2.7CVSS6.1AI score
Exploits0References1
nvd
nvd
added 14 hours ago8 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS
Exploits0References6
euvd
euvd
added 16 hours ago4 views

EUVD-2026-44856

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS6.1AI score
Exploits0References6
osv
osv
added 2026/03/18 12:31 p.m.7 views

GHSA-G9W4-M5FX-X3WV Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 5:57 a.m.4 views

CVE-2023-4686

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3CVSS5.9AI score0.00524EPSS
Exploits0References1
nvd
nvd
added 2023/11/22 4:15 p.m.32 views

CVE-2023-4686

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3CVSS0.00524EPSS
Exploits0References3
osv
osv
added 2023/11/22 4:15 p.m.11 views

CVE-2023-4686

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3CVSS5.8AI score0.00524EPSS
Exploits0References3
prion
prion
added 2023/11/22 4:15 p.m.25 views

Information disclosure

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4CVSS6.7AI score0.00524EPSS
Exploits0References3Affected Software1
osv
osv
added 2021/12/13 11:15 a.m.5 views

CVE-2021-24819

The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as...

4.3CVSS5.8AI score0.00783EPSS
Exploits2References1
openvas
openvas
added 2010/02/24 12:0 a.m.21 views

WordPress Trashed Posts Information Disclosure Vulnerability

WordPress is prone to an information disclosure vulnerability because it fails to properly restrict access to trashed posts. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

4CVSS6AI score0.09855EPSS
Exploits0References3
Rows per page
Query Builder