2 matches found
CVE-2024-11083 ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
PT-2024-16746 · WordPress · Profilepress
Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.15.18 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as administrators, via the WordPress...