2 matches found
CVE-2025-13215
CVE-2025-13215 : Information exposure in WordPress plugin “Shortcodes and extra features for Phlox theme” allows unauthenticated users to view draft post titles via auxels_ajax_search in all versions up to 2.17.13. Patch released in 2.17.13 (remediation noted). Base CVSS 3.1/3.1 vector indicates ...
PT-2024-18410 · WordPress · Masterstudy Lms
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthorized access to data due to a missing capability check on the search posts function. This makes it possible for authenticated...