213 matches found
WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure
WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...
OpenProject < 12.5.4 - Project Identifiers Exposure
OpenProject versions before 12.5.6 generate a publicly accessible robots.txt file revealing project identifiers, even if the instance is set to 'Login required', letting attackers gather project info, exploit requires no authentication. id: CVE-2023-33960 info: name: OpenProject 12.5.4 - Project...
WordPress AI Engine Plugin - Token Exposure
Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...
EUVD-2026-37671
Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...
WordPress Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Umut Can Yurdayardım in WordPress Plugin Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets versions = 1.3.13.1...
CVE-2026-52696
CVE-2026-52696 concerns the WordPress JetBlog plugin (versions <= 2.4.8) and describes an unauthenticated sensitive data exposure. The entry specifies a CVSS 3.1 base score of 7.5 (HIGH), with network attack vector, no privileges required, no user interaction, and impact limited to confidentia...
CVE-2026-52696 WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...
CVE-2026-34888 WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...
WordPress FireBox Popups – Increase Sales and Grow Your Email List plugin <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability
Unauthenticated Sensitive Information Exposure in 'formid' Parameter vulnerability discovered by Duc Manh in WordPress Plugin FireBox versions = 3.1.7...
CVE-2026-54197
Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...
CVE-2026-54197 WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...
EUVD-2026-37054
Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...
EUVD-2026-36992
Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...
EUVD-2026-36939
Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...
EUVD-2026-36918
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...
CVE-2026-52695
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...
CVE-2026-52692
Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...
CVE-2026-48872
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
CVE-2026-42384
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...
CVE-2026-39480
Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...