37 matches found
EUVD-2002-2131
Malware in sbrugna...
EUVD-2019-2228
Malware in sbrugna...
EUVD-2024-54927
Malicious code in bioql PyPI...
CVE-2024-13807
CVE-2024-13807 affects Xagio SEO for WordPress up to version 7.1.0.5. Root cause: backup functionality creates unprotected backups due to weak filename structure and missing directory protections, enabling unauthenticated attackers to exfiltrate sensitive data (entire database and site files). Pu...
CVE-2024-13613 Wise Chat <= 3.3.3 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which c...
CVE-2024-13604 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the 'kbs' directory. This makes it possible for unauthenticated attackers to extract sensitive dat...
CVE-2024-13640
CVE-2024-13640 affects the WordPress plugin Print Invoice & Delivery Notes for WooCommerce. All versions up to 5.4.1 are vulnerable via the wcdn/invoice directory, enabling unauthenticated attackers to access sensitive data stored under /wp-content/uploads/wcdn/invoice (potential invoice files if...
WordPress Download Manager plugin <= 3.3.06 - Unauthenticated Information Disclosure via Unprotected Directory vulnerability
Unauthenticated Information Disclosure via Unprotected Directory vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Download Manager versions <= 3.3.06...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions <= 5.4.1...
WordPress BP Better Messages plugin <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin BP Better Messages versions <= 2.6.9...
WordPress Fluent Support plugin <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Fluent Support versions <= 1.8.5...
CVE-2024-13638
The CVE-2024-13638 entry concerns the WordPress plugin Order Attachments for WooCommerce. Affected versions are all up to and including 2.5.1, with exploitation via the uploads directory (/wp-content/uploads). The issue enables unauthenticated attackers to access sensitive data stored in attachme...
CVE-2024-13638 Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the...
WordPress Order Attachments for WooCommerce plugin <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Order Attachments for WooCommerce versions <= 2.5.1...
WordPress File Uploads Addon for WooCommerce plugin <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin File Uploads Addon for WooCommerce versions <= 1.7.1...
WordPress Return Refund and Exchange For WooCommerce plugin <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Return Refund and Exchange For WooCommerce versions <= 4.4.5...
WordPress JS Help Desk plugin <= 2.8.8 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin JS Help Desk versions <= 2.8.8...
CVE-2024-12315 Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in t...
WordPress WP Ultimate Exporter plugin <= 2.9.3 - Information Disclosure Through Unprotected Directory vulnerability
Information Disclosure Through Unprotected Directory vulnerability discovered by Webbernaut in WordPress Plugin WP Ultimate Exporter versions <= 2.9.3...