
19 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-3894

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.08359
Exploits: 4, References: 6

Cvelist
added 2023/12/18 8:8 p.m., 22 views

CVE-2023-6077 Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts such as private, draft and password protect...

AI score 6.7, EPSS 0.00665
Exploits: 2, References: 1

wpexploit
added 2023/11/23 12:0 a.m., 183 views

Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

Description: The plugin does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts such as private, draft and password protected. Run the below...

CVSS 6.5, AI score 6.9, EPSS 0.00665
Exploits: 2

Vulnrichment
added 2023/08/30 2:22 p.m., 8 views

CVE-2023-4036 Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...

AI score 4.7, EPSS 0.00453
Exploits: 2, References: 1

Cvelist
added 2023/03/20 3:52 p.m., 28 views

CVE-2023-0890 Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or...

AI score 6.4, EPSS 0.00654
Exploits: 2, References: 1

Vulnrichment
added 2023/03/20 3:52 p.m., 7 views

CVE-2023-0890 Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or...

AI score 6.3, EPSS 0.00654
Exploits: 2, References: 1

WPVulnDB
added 2023/02/27 12:0 a.m., 23 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...

CVSS 6.5, AI score 6.7, EPSS 0.00654
Exploits: 2, Affected Software: 1

wpexploit
added 2023/02/27 12:0 a.m., 149 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...

CVSS 6.5, AI score 6.9, EPSS 0.00654
Exploits: 2

Vulnrichment
added 2023/02/13 2:32 p.m., 8 views

CVE-2022-3891 WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected...

AI score 6.8, EPSS 0.00694
Exploits: 2, References: 1

Vulnrichment
added 2023/01/23 2:31 p.m., 4 views

CVE-2021-24881 Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts such as private content, by sending a specifically crafted...

AI score 7.3, EPSS 0.00818
Exploits: 2, References: 1

Cvelist
added 2023/01/23 2:31 p.m., 12 views

CVE-2021-24881 Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts such as private content, by sending a specifically crafted...

AI score 7.8, EPSS 0.00818
Exploits: 2, References: 1

wpexploit
added 2023/01/17 12:0 a.m., 624 views

WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. Open the below URL as an...

CVSS 5.3, AI score 1.7, EPSS 0.00694
Exploits: 2

WPVulnDB
added 2022/12/29 12:0 a.m., 17 views

Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The plugin does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts such as private content, by sending a specifically crafted request. PoC: The nonce can be...

CVSS 7.5, AI score 1.9, EPSS 0.00818
Exploits: 2, Affected Software: 1

WPVulnDB
added 2021/10/20 12:0 a.m., 14 views

Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access

The plugin does not have a proper authorisation check in the sfimageid AJAX action, which could allow any authenticated user, such as a subscriber, to view the content and title of arbitrary posts, for example private, draft and password protected ones. PoC: POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...

AI score 1.1
Exploits: 0, Affected Software: 1

WPVulnDB
added 2021/09/21 12:0 a.m., 14 views

WP Mega Menu < 1.4.1 - Subscriber+ Arbitrary Post Access

The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked as AJAX actions and available to any authenticated users. As a result, low privilege authenticated users such as subscribers can call them and access...

AI score 1.3
Exploits: 0, Affected Software: 1

Patchstack
added 2021/09/21 12:0 a.m., 8 views

WordPress WP Mega Menu plugin <= 1.4.0 - Arbitrary Post Access vulnerability

Arbitrary Post Access vulnerability discovered by WPScanTeam in WordPress WP Mega Menu plugin versions <= 1.4.0. Solution: Update the WordPress WP Mega Menu plugin to the latest available version, at least 1.4.1...

AI score 3.3
Exploits: 0, References: 2, Affected Software: 1

wpexploit
added 2021/09/21 12:0 a.m., 762 views

WP Mega Menu < 1.4.1 - Subscriber+ Arbitrary Post Access

The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked as AJAX actions and available to any authenticated users. As a result, low privilege authenticated users such as subscribers can call them and access...

AI score 0.8
Exploits: 0

wpexploit
added 2021/09/21 12:0 a.m., 731 views

WP Mega Menu < 1.4.0 - Unauthenticated Arbitrary Post Access

The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked to admin_init. As a result, unauthenticated users can call them and access arbitrary post data, including password protected or private ones. Access an...

AI score 0.5
Exploits: 0

NVD
added 2019/05/21 6:29 p.m., 26 views

CVE-2019-12252

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring...

CVSS 6.5, AI score 6.5, EPSS 0.08359
Exploits: 4, References: 4