Lucene search
K

47 matches found

Patchstack
Patchstack
added 2025/01/07 6:48 a.m.7 views

WordPress Member Access plugin <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability

Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Member Access versions = 1.1.6...

5.3CVSS6.9AI score0.00439EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/07 5:15 a.m.17 views

CVE-2024-11290

The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS0.00439EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/07 4:22 a.m.5 views

CVE-2024-11290 Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS6.9AI score0.00439EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/25 4:22 a.m.60 views

CVE-2024-12428 WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection

The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderuserlogindir' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

7.5CVSS0.0047EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/25 12:0 a.m.66 views

WordPress plugin WP Data Access SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.5CVSS8.6AI score0.0047EPSS
Exploits0References2
OSV
OSV
added 2024/09/15 10:21 p.m.11 views

RHSA-2015:0841 Red Hat Security Advisory: redhat-access-plugin security update

Bulletin has no description...

4CVSS6.2AI score0.01676EPSS
Exploits0References7
CNVD
CNVD
added 2024/04/25 12:0 a.m.15 views

Kubernetes Input Validation Error Vulnerability

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes has a security vulnerability that can be exploited by an attacker to bypass the mountable secrets policy enforced by...

2.7CVSS4.6AI score0.02224EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/22 12:0 a.m.5 views

Kubernetes 输入验证错误漏洞

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes has a security vulnerability that can be exploited by an attacker to bypass the mountable secrets policy enforced by...

2.7CVSS6.8AI score0.02224EPSS
Exploits1References7
WPVulnDB
WPVulnDB
added 2023/08/21 12:0 a.m.7 views

FTP Access <= 1.0 - Subscriber+ Stored XSS

Description The plugin does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the setting...

5.4CVSS5.2AI score0.00193EPSS
Exploits2
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.23 views

WordPress plugin WP Data Access 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS8.2AI score0.02726EPSS
Exploits3References6
0day.today
0day.today
added 2023/04/12 12:0 a.m.435 views

WordPress WP Data Access 5.3.7 Privilege Escalation Vulnerability

The Wordfence team responsibly disclosed an authenticated Privilege Escalation vulnerability in the WP Data Access plugin. On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin...

8.8CVSS8.7AI score0.02726EPSS
Exploits3
OSV
OSV
added 2023/04/03 7:15 p.m.3 views

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

6.5CVSS5.8AI score0.00555EPSS
Exploits0References1
NVD
NVD
added 2023/04/03 7:15 p.m.35 views

CVE-2022-43771

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...

6.5CVSS6.5AI score0.23894EPSS
Exploits0References1
Prion
Prion
added 2023/04/03 7:15 p.m.25 views

Design/Logic Flaw

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...

4CVSS6.5AI score0.23894EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/03 6:44 p.m.35 views

CVE-2022-43941 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

7.1CVSS7.2AI score0.0053EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/03 12:0 a.m.3 views

PT-2023-2240 · Hitachi Vantara · Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to incorrect restriction of XML links to external objects, which can allow a remote attacker to conduct...

8.8CVSS6.8AI score0.00555EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2021/12/21 12:0 a.m.5 views

WordPress WP Data Access Plugin SQL Injection (CVE-2021-24866)

An SQL injection vulnerability exists in WordPress WP Data Access plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.6AI score0.01575EPSS
Exploits2
CNVD
CNVD
added 2021/12/09 12:0 a.m.15 views

WordPress WP Data Access plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.The WordPress WP Data Access plugin has a SQL injection vulnerability in versions prior to 5.0.0, which stems from the...

9.8CVSS3.3AI score0.01575EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.3 views

WordPress和WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.The WordPress WP Data Access plugin has a SQL injection vulnerability in versions prior to 5.0.0, which stems from the...

9.8CVSS6.1AI score0.01575EPSS
Exploits2References1
Akamai Blog
Akamai Blog
added 2018/03/19 1:0 p.m.14 views

Recovering Plaintext Passwords from Azure Virtual Machines

Security design flaw in the VM Access plugin that may enable a cross platform attack impacting every machine type provided by Azure. Read More...

2.2AI score
Exploits0
Rows per page
Query Builder