Lucene search
K

7 matches found

NVD
NVD
added 2026/06/02 4:16 p.m.16 views

CVE-2026-33398

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

7.1CVSS0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/03/23 10:25 p.m.23 views

CVE-2026-4066

The CVE concerns the Smart Custom Fields plugin for WordPress (affected: all versions up to and including 5.0.6). A missing capability check in relational_posts_search() allows authenticated users with Contributor-level access or higher to read private and draft posts from other authors via the s...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.7 views

CVE-2023-4036

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...

4.3CVSS6.9AI score0.00453EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-2992

Malicious code in bioql PyPI...

2.6CVSS4.7AI score0.03914EPSS
Exploits2References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-44342

Malicious code in bioql PyPI...

4.3CVSS6AI score0.00468EPSS
Exploits2References1
OSV
OSV
added 2024/03/20 7:15 a.m.4 views

CVE-2024-1473

The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mo...

5.3CVSS5.8AI score0.00533EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.9 views

PT-2024-18076 · WordPress · Wp Maintenance

Name of the Vulnerable Software and Affected Versions: WP Maintenance plugin for WordPress versions up to, and including, 6.1.6 Description: The issue allows unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via the REST API. Recommendations: For W...

5.3CVSS6.3AI score0.00461EPSS
Exploits0References5
Rows per page
Query Builder