764 matches found
WordPress plugin linkID Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-1888 · WordPress · Host Php Info
Name of the Vulnerable Software and Affected Versions: Host PHP Info plugin for WordPress versions up to, and including, 1.0.4 Description: The issue allows unauthorized access to data due to a missing capability check when including the phpinfo function. This makes it possible for unauthenticate...
CVE-2024-12266
The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules and elex_dp_import_rules functions in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated...
CVE-2024-12266 ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization
The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules and elex_dp_import_rules functions in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated...
CVE-2024-12266
CVE-2024-12266 affects the ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress. The Red Hat advisory confirms a missing capability check in the functions elex_dp_export_rules() and elex_dp_import_rules() across all versions up to and including 2.1.7, enabling unauthenticated attac...
PT-2024-17519 · WordPress · Elex Woocommerce Dynamic Pricing/Discounts
Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress versions up to, and including, 2.1.7 Description: The issue arises from a missing capability check on the elex_dp_export_rules and elex_dp_import_rules functions, allowing...
CVE-2024-10588
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...
CVE-2024-10588 Debug Tool <= 2.2 - Missing Authorization to Information Exposure
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...
CVE-2024-10588
CVE-2024-10588 affects the Debug Tool WordPress plugin (all versions
PT-2024-16386 · WordPress · Debug Tool
Name of the Vulnerable Software and Affected Versions: Debug Tool plugin for WordPress versions up to, and including, 2.2 Description: The issue is related to a missing capability check on the info function, allowing authenticated attackers with subscriber-level access and above to obtain...
Craft CMS 4.4.14 Code Injection
Title: Craft CMS 4.4.14 Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.2 64 bits...
MTN Group: Unauthenticated phpinfo() files could lead to ability file read at █████████
The remote web server contained a PHP script that exposed sensitive information about the server's configuration through the phpinfo function. This information could have been used by an attacker to conduct further attacks against the system...
CVE-2024-44820
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo function, which exposes detailed information about the PHP...
CVE-2024-44820
CVE-2024-44820 affects ZZCMS v.2023 and earlier. The vulnerability resides in the eginfo.php file located at /3/E_bak5.1/upload/ and is triggered when phome=ShowPHPInfo is supplied, executing phpinfo() and exposing detailed PHP environment information (server config, loaded modules, variables). T...
Mars: phpinfo() exposed on ██████████
A phpinfo page was exposed at the URL ███████. This configuration issue allowed sensitive system information to be publicly accessed...
CVE-2024-7328
A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public...
PT-2024-38270 · Unknown · Youdiancms
Name of the Vulnerable Software and Affected Versions: YouDianCMS version 7 Description: A problematic issue has been found in the processing of the file "/t.php?action=phpinfo", leading to information disclosure. The attack can be initiated remotely. The vendor was contacted about this disclosur...
YouDianCMS Information Disclosure Vulnerability
YouDianCMS YouDian CMS is a website builder from China YouDian Company. An information disclosure vulnerability exists in YouDianCMS version 7, which originates from an unknown handling of the file /t.php?action=phpinfo that can lead to information disclosure...
MTN Group: Unauthenticated phpinfo() files could lead to ability file read at h2f54.n1.ips.mtn.co.ug [/dashboard/]
The phpinfo files at h2f54.n1.ips.mtn.co.ug were left unauthenticated, potentially allowing remote attackers to obtain sensitive information about the web server configuration...
CVE-2024-35776
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo WP. This issue affects phpinfo WP: from n/a through 5.0...