PT-2024-38615 · WordPress · Themify Builder

Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate and view private or draft posts created by other users, due t...

CVE-2024-7063

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'renderraw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private,...

CVE-2024-7063

CVE-2024-7063 affects ElementsKit Pro for WordPress, with Sensitive Information Exposure via render_raw in all versions up to 3.6.6. The issue requires authentication (Contributor+), allowing an authenticated user to exfiltrate sensitive data such as private, future, and draft posts. Connected so...

PT-2024-38052 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.6 Description: The issue allows authenticated attackers with Contributor-level permissions and above to extract sensitive data, including private, future, and draft posts...

CVE-2024-6709

The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...

PT-2024-36722 · WordPress · Piotnet Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor plugin for WordPress versions up to, and including, 2.4.29 Description: The issue allows unauthenticated attackers to extract sensitive data, including titles and excerpts of future, draft, and pending blog posts,...

CVE-2024-3275 eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure

The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts...

CVE-2024-3275 eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure

The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts...

PT-2024-24825 · WordPress · Eroom – Zoom Meetings & Webinar

Name of the Vulnerable Software and Affected Versions: The eRoom – Zoom Meetings & Webinars plugin for WordPress versions up to, and including, 1.4.18 Description: The issue allows authenticated attackers with subscriber access or higher to obtain post excerpts, including those of draft and pendi...

CVE-2024-3733

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajaxloadmore , eaelwoopaginationproductajax, and ajaxeaelproductgallery...

PT-2024-27482 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.15 Description: The issue allows unauthenticated attackers to extract posts that may be in private or draft status due to Sensitive Information Exposur...

WordPress plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-2974

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the loadmore function. This can allow unauthenticated attackers to extract sensitiv...

CVE-2024-1587

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmaticfilterpostsloadtabcontent'. This makes it possible for unauthenticated attackers to view draft posts and post content...

CVE-2024-1587

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmaticfilterpostsloadtabcontent'. This makes it possible for unauthenticated attackers to view draft posts and post content...

CVE-2024-1587 Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmaticfilterpostsloadtabcontent'. This makes it possible for unauthenticated attackers to view draft posts and post content...

CVE-2024-2974 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the loadmore function. This can allow unauthenticated attackers to extract sensitiv...

CVE-2024-2974

CVE-2024-2974 affects the WordPress plugin “Essential Addons for Elementor” (Lite) up to version 5.9.13, exposing sensitive information via the load_more function. Unauthenticated attackers may extract private and draft posts. Red Hat and NVD entries corroborate the same impact and version range....

PT-2024-18151 · WordPress · Newsmatic

Name of the Vulnerable Software and Affected Versions: Newsmatic theme for WordPress versions up to, and including, 1.3.0 Description: The issue allows unauthenticated attackers to view draft posts and post content due to Sensitive Information Exposure. This is possible via the newsmatic filter...

WordPress Plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...