CVE-2024-6574

The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application,...

WordPress Laposta plugin <= 1.12 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Laposta versions = 1.12...

CVE-2024-6574

The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application,...

CVE-2024-6574

CVE-2024-6574 affects the Laposta plugin for WordPress, with Full Path Disclosure in all versions up to and including 1.12 due to direct access to test files. Unauthenticated attackers could retrieve the web app’s full path, aiding other attacks. The plugin is no longer maintained and has been cl...

CVE-2024-6574 Laposta <= 1.12 - Unauthenticated Full Path Disclosure

The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application,...

WordPress plugin Laposta security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

CVE-2023-41950

Cross-Site Request Forgery CSRF vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin = 1.4.1 versions...