Unauthorized Access

pixelfed/pixelfed is vulnerable to Unauthorized Access. The vulnerability is due to insufficient verification of follow requests, allowing unauthorized users to access private posts across Fediverse servers...

CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayerbuilderpostsshortcode' function due to insufficient restrictions on which posts can be included. This makes it...

CVE-2024-13832

The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'utelementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-13841

The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This...

CVE-2024-13514

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...

CVE-2024-12102

The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-12116

The CVE-2024-12116 vulnerability in Unlimited Theme Addon For Elementor and WooCommerce (WordPress) allows Information Exposure via the uta-template shortcode in all versions up to 1.2.1. Exploitation requires Contributor-level authentication. A fix exists in version 1.2.2 (and later) per Wordfen...

PT-2024-16557 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.7.1003 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...

Mattermost Access Control Error Vulnerability (CNVD-2023-55043)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Access Control Error vulnerability that stems from not checking the identity of a channel member when accessing a message thread, which can be exploited by an attacker to...

PT-2023-16593 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate WordPress plugin versions prior to 5.12.8 Description: The issue allows any authenticated users, such as subscribers, to view draft, private, or even password-protected posts. It is also possible to leak the password of...