CVE-2023-4036

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...

ALSA-2023:4524 Moderate: libcap security update

Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: Integer Overflow in libcapstrdup CVE-2023-2603 libcap: Memory Leak on pthreadcreate Error CVE-2023-2602 For more details about the security issues, including the impact, a CVSS...

Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones Run the below command in the developer console ...

HackerOne: Draft report exposure via slack alerting system for programs

Vulnerability description not provided...

Synacor Zimbra Collaboration Server 跨站脚本漏洞

Synacor Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Synacor, USA. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Synacor Zimbra Collaboration Server version v.8.8.15,...

NIST Draft Document on Post-Quantum Cryptography Guidance

NIST has released a draft of Special Publication1800-38A: "Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography." Its only four pages long, and it doesnt have a lot of detail--more "volumes" are coming, with more...

CVE-2023-1911

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...

CVE-2023-1911

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...

CVE-2023-1911

Blocksy Companion (WordPress plugin by Creative Themes) before 1.8.82 contains an authorization flaw: posts accessible via a shortcode are not confirmed public, allowing any authenticated user (e.g., subscribers) to view draft content. This exposes draft posts to users who should not have access....

CVE-2023-1911 Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...

CVE-2023-1911 Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...

PT-2023-17333 · WordPress · Blocksy Companion

Name of the Vulnerable Software and Affected Versions: Blocksy Companion WordPress plugin versions prior to 1.8.82 Description: The issue allows any authenticated users, such as subscribers, to access draft posts via a shortcode, because it does not ensure that posts are already public and can be...

CVE-2023-1426

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post...

CVE-2023-1426 WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post...

CVE-2023-1426

CVE-2023-1426 affects the WordPress plugin WP Tiles up to version 1.1.2. The vulnerability arises because the plugin’s display logic does not ensure that posts shown are not drafts or private, allowing any authenticated user (e.g., subscribers) to retrieve the titles of draft/private posts and po...

Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example PoC Run the below command in the developer console of the web browser while being on the blog as a...

PT-2023-16974 · WordPress · Wp Tiles

Name of the Vulnerable Software and Affected Versions: WP Tiles WordPress plugin versions 1.1.2 and earlier Description: The issue allows any authenticated users, such as subscribers, to retrieve the titles of draft and private posts. An attacker could also retrieve the title of any other type of...

WordPress plugin WP Tile 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example Run the below command in the developer console of the web browser while being on the blog as a subscrib...

CVE-2023-0890

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or...