CVE-2026-32363

Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through = 3.3.1...

📄 ionCube Loader Wizard 14.4.0 Scanner

ionCube Loader Wizard version 2.34 scanner that look for the installation file and displays PHP info to gather more information about the target. ============================================================================================================================================= | Title :...

EUVD-2023-57998

Malicious code in bioql PyPI...

EUVD-2024-50940

Malicious code in bioql PyPI...

CVE-2024-46547

A vulnerability was found in Romain Bourdon Wampserver all versions discovered in v3.2.3 and v3.2.6 where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks...

CVE-2023-5711

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdphpinfo function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...

CVE-2025-2882 GreenPay(tm) by Green.Money 3.0.0 - 3.0.9 - Unauthenticated Information Exposure

The GreenPaytm by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in th...

CVE-2024-12535

The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...

Exploit for CVE-2024-12542

CVE-2024-12542-PoC Missing Authorization to Unauthenticated Se...

CVE-2024-12535

The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...

CVE-2024-12535 Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure

The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...

PT-2025-1888 · WordPress · Host Php Info

Name of the Vulnerable Software and Affected Versions: Host PHP Info plugin for WordPress versions up to, and including, 1.0.4 Description: The issue allows unauthorized access to data due to a missing capability check when including the phpinfo function. This makes it possible for unauthenticate...

WordPress Host PHP Info plugin <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Host PHP Info versions = 1.0.4...

CVE-2024-46547

A vulnerability was found in Romain Bourdon Wampserver all versions discovered in v3.2.3 and v3.2.6 where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks...

CVE-2024-46547

CVE-2024-46547 affects Wampserver (Romain Bourdon) versions 3.2.3 and 3.2.6. The issue arises from improper access-control validation on the PHP Info Page, allowing unauthorized users to access sensitive information. The documented impact is data leakage. No remediation details are provided in th...

CVE-2024-10486 Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

WordPress Google for WooCommerce plugin <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File vulnerability

Information Disclosure via Publicly Accessible PHP Info File vulnerability discovered by Francesco Carlucci in WordPress Plugin Google for WooCommerce versions = 2.8.6...

CVE-2023-29116 PHP Information Disclosure in Enel X JuiceBox

Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained...

System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)

Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdphpinfo function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with...

CVE-2023-5711 System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdphpinfo function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...