14 matches found
CVE-2021-24635
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, ...
Element Pack Elementor Addons < 5.6.0 - Sensitive Information Exposure via element_pack_ajax_search
Description: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for...
CVE-2024-2966
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for...
CVE-2024-1526 Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that the user has access to a password protected post before displaying its content in a meta tag...
Design/Logic Flaw
The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...
CVE-2024-1769 JM Twitter Cards <= 14 - Information Exposure via Meta Description
The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 14 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...
JM Twitter Cards < 14.1.0 - Password Protected Post Access
Description: The plugin is vulnerable to Information Exposure via the meta description data, allowing unauthenticated attackers to view password protected post content when viewing the page source...
CVE-2023-5845
CVE-2023-5845 pertains to the WordPress plugin Simple Social Media Share Buttons (versions prior to 5.1.1). The underlying issue is leakage of password-protected post content to unauthenticated visitors via certain meta tags (notably og:description and twitter:description). Affected component...
CVE-2021-24635 Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, ...
Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls
The plugin does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as...
Directory Traversal
WordPress is vulnerable to denial of service (DoS) attacks. The vulnerability exists in wp-includes/class-phpass.php, where a large password can be used to attempt to cause DoS attacks in a password protected post...
CVE-2013-2173
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie...