Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure

The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. PoC Note: This requires the OceanWP theme to be...

Design/Logic Flaw

The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected...

CVE-2023-22739 Discourse subject to Allocation of Resources Without Limits or Throttling

Discourse is an open source platform for community discussion. Versions prior to 3.0.1 stable, 3.1.0.beta2 beta, and 3.1.0.beta2 tests-passed are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an...

user funds loss in withdraw() of StRSR because code don't revert when calculated rsrAmount is zero

Lines of code Vulnerability details Impact Function withdraw in StRSR completes an account's unstaking. but when calculated amount of RSR token is 0 code still burn user draftRSR and returns. This would cause users small amount of deposits to get burned and user won't receive any funds. as withdr...

WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. PoC Open the below URL as an...

CVE-2022-46148

Discourse self-XSS vulnerability (CVE-2022-46148) affects the Discourse open‑source platform. In versions 2.8.10 and earlier on stable, and 2.9.0.beta11 and earlier on beta/tests-passed branches, a user able to craft malicious messages and navigate to the drafts page could trigger self‑XSS, poten...

ChurchInfo 1.2.13-1.3.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ChurchInfo 1.2.13-1.3.0 Authenticated RCE', 'Description' = %q This module exploits the logic in the CartView.php page when crafting a draft emai...

ChurchInfo 1.2.13-1.3.0 Authenticated RCE

This module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmpattach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a...

Cross Site Scripting (XSS)

craftcms/cms is vulnerable to cross-site scripting. An attacker is able to introduce XSS payload in the Draft name, causing reflections of malicious script in a user's browser...

LinkedIn: An Attacker Can Flag Draft Job Posts And Can Disclose The Draft Job Posts Details [ Similar to #1581528 Resolved Report]

A vulnerability was discovered on LinkedIn that allowed attackers to flag and report draft job posts of other users. This resulted in the disclosure of sensitive job details, even for posts that were not yet published...

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

Code injection

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

EUVD-2022-34789

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

WordPress plugin SearchWP Live Ajax Search 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

HackerOne: Program managers can see draft reports using Export Reports feature

A bug in the HackerOne platform allowed program managers to see draft reports using the Export Reports feature, which led to the disclosure of PII without the reporter's permission. The bug was discovered when a user exported a report and found that it contained draft and disclosed report titles,...

GHSA-V68G-62V9-39W5 Unpublished, protected files can be published via shortcode

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to...

Johnson Controls Metasys ADS/ADX/OAS Servers 跨站脚本漏洞

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A cross-site scripting vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS Servers versions 10 and 11, which arises from improper neutralization of input during web page generation...

Publify Access Control Error Vulnerability

Publify is a simple but full-featured web publishing software.An access control error vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from an access control error in draft mode, which could be exploited by an attacker to comment on articles in draft mode...

Improper Access Control

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where it is possible for anonymous users to leave comments on an article in draft mode. Remediation Upgrade publifycore to...

Publify Incorrect Authorization

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...