PT-2024-24825 · WordPress · Eroom – Zoom Meetings & Webinar
Name of the Vulnerable Software and Affected Versions: The eRoom – Zoom Meetings & Webinars plugin for WordPress versions up to, and including, 1.4.18 Description: The issue allows authenticated attackers with subscriber access or higher to obtain post excerpts, including those of draft and pendi...
DEBIAN-CVE-2024-32493
An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...
UBUNTU-CVE-2024-32493
An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...
CVE-2024-3733
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajaxloadmore, eaelwoopaginationproductajax, and ajaxeaelproductgallery...
PT-2024-27482 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.15 Description: The issue allows unauthenticated attackers to extract posts that may be in private or draft status due to Sensitive Information Exposur...
WordPress plugin Essential Addons for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WooCommerce plugin < 8.6 - Contributor+ Private/Draft Products Access vulnerability
Contributor+ Private/Draft Products Access vulnerability discovered by Scott Kingsley Clark in WordPress Plugin WooCommerce versions 8.6...
CVE-2024-1310
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to, e.g. private, draft and trashed products...
CVE-2024-1310 WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to, e.g. private, draft and trashed products...
PT-2024-17931 · WordPress · Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce WordPress plugin versions prior to 8.6 Description: The issue allows users with at least the contributor role to access products they should not have access to, including private, draft, and trashed products. Recommendations: For...
CVE-2024-2974
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitiv...
CVE-2024-1904
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
CVE-2024-1587
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content...
CVE-2024-1587 Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content...
CVE-2024-2974 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitiv...
CVE-2024-2974
CVE-2024-2974 affects the WordPress plugin “Essential Addons for Elementor” (Lite) up to version 5.9.13, exposing sensitive information via the load_more function. Unauthenticated attackers may extract private and draft posts. Red Hat and NVD entries corroborate the same impact and version range....
CVE-2024-1904 MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
PT-2024-18410 · WordPress · Masterstudy Lms
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthorized access to data due to a missing capability check on the search posts function. This makes it possible for authenticated...