7 matches found
CVE-2026-33398
NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...
CVE-2026-4066
The CVE concerns the Smart Custom Fields plugin for WordPress (affected: all versions up to and including 5.0.6). A missing capability check in relational_posts_search() allows authenticated users with Contributor-level access or higher to read private and draft posts from other authors via the s...
CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...
EUVD-2022-2992
Malicious code in bioql PyPI...
EUVD-2023-44342
Malicious code in bioql PyPI...
CVE-2024-1473
The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mo...
PT-2024-18076 · WordPress · Wp Maintenance
Name of the Vulnerable Software and Affected Versions: WP Maintenance plugin for WordPress versions up to, and including, 6.1.6 Description: The issue allows unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via the REST API. Recommendations: For W...