3 matches found
PT-2026-34854
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
DEBIAN-CVE-2023-5692
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirectguess404permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publiclyqueryable' post status has been set to 'false'...
PT-2024-14827 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress Core versions up to, and including, 6.4.3 Description: The issue allows unauthenticated attackers to expose the slug of a custom post whose publicly queryable post status has been set to 'false' via the redirect guess 404 permalink...