3 matches found
CVE-2026-2696 Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure
The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS including private posts in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...
EUVD-2014-1504
Malware in sbrugna...
CVE-2014-1428 uuid.uuid1() is not suitable as an unguessable identifier/token
A vulnerability in generatefilestoragekey of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2...