12 matches found
EUVD-2022-34403
Malicious code in bioql PyPI...
CVE-2022-2117
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
CVE-2021-4377
The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmmexportdonations function which is called via the adminpostdmmexport hook due to missing capability checks. This can allow authenticated attackers to extract a CS...
CVE-2021-4377 Doneren met Mollie <= 2.8.4 - Information Disclosure
The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmmexportdonations function which is called via the adminpostdmmexport hook due to missing capability checks. This can allow authenticated attackers to extract a CS...
CVE-2022-2117
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
CVE-2022-2117
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
CVE-2022-2117
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
Information disclosure
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
CVE-2022-2117 GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
GiveWP < 2.21.0 - Donor Information Disclosure
The plugin exposes a REST endpoint to unauthenticated users and disclosing donor information...
WordPress GiveWP plugin <= 2.20.2 - Donor Information Disclosure vulnerability
Donor Information Disclosure vulnerability discovered by Kane Gamble Blackfoot UK in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...
Authentication flaw
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information PII including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the...