11 matches found
CVE-2026-12906
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...
EUVD-2026-44879
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...
CVE-2026-12434
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...
EUVD-2026-44856
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...
GHSA-G9W4-M5FX-X3WV Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
CVE-2023-4686
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
CVE-2023-4686
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
CVE-2023-4686
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
Information disclosure
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
CVE-2021-24819
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as...
WordPress Trashed Posts Information Disclosure Vulnerability
WordPress is prone to an information disclosure vulnerability because it fails to properly restrict access to trashed posts. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...