
6151 matches found

Cvelist
added 2020/04/30 10:15 p.m. · 32 views

CVE-2020-11028 Unauthenticated disclosure of certain private posts in WordPress

In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...

CVSS 5.8 · AI score 7.8 · EPSS 0.00949
Exploits 0 · References 4

Debian CVE
added 2020/04/30 10:15 p.m. · 42 views

CVE-2020-11028

In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...

CVSS 7.5 · AI score 3.7 · EPSS 0.00949
Exploits 0

WPVulnDB
added 2020/04/30 12:00 a.m. · 406 views

WordPress < 5.4.1 - Unauthenticated Users View Private Posts

Description: This could have allowed unauthenticated users to view private posts by manipulating time and date queries...

CVSS 7.5 · AI score 6.4 · EPSS 0.00949
Exploits 0 · References 4

Positive Technologies
added 2020/04/30 12:00 a.m. · 8 views

PT-2020-3603 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions:
WordPress versions prior to 5.4.1
WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33

Description: In affected versions of WordPress, some priva...

CVSS 9.8 · AI score 7.3 · EPSS 0.81017
Exploits 16 · References 74

OSV
added 2020/04/07 5:15 p.m. · 2 views

CVE-2020-9514

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via...

CVSS 6.5 · AI score 6.7 · EPSS 0.0025
Exploits 1 · References 2

Prion
added 2020/04/07 5:15 p.m. · 11 views

Code injection

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via...

CVSS 4 · AI score 6.5 · EPSS 0.0025
Exploits 1 · References 2 · Affected Software 1

ThreatPost
added 2020/03/26 5:49 p.m. · 108 views

Emerging APT Mounts Mass iPhone Surveillance Campaign

A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong – infecting website visitors with a newly developed custom surveillance malware. The bad code – the work of a new APT called “TwoSail Junk” – is delivered via a multistage exploit chain...

CVSS 9.3 · AI score 8.5 · EPSS 0.1376
Exploits 6 · References 13

NVD
added 2020/01/28 8:15 p.m. · 11 views

CVE-2015-5483

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site...

CVSS 8.8 · AI score 8.7 · EPSS 0.00192
Exploits 3 · References 3

Prion
added 2020/01/28 8:15 p.m. · 12 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site...

CVSS 6.8 · AI score 7.1 · EPSS 0.00192
Exploits 3 · References 3 · Affected Software 1

Cvelist
added 2020/01/28 7:09 p.m. · 13 views

CVE-2015-5483

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site...

AI score 8.8 · EPSS 0.00192
Exploits 3 · References 3

WPVulnDB
added 2020/01/28 12:00 a.m. · 7 views

Wordable < 3.1.2 - Plugin's Authentication Bypass

This could allow an unauthenticated user to bypass the plugin authentication process and temporarily gain administrative privileges, allowing the publication of pages and posts on the blog, as well as the upload of media files...

AI score 4.1
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2020/01/19 12:00 a.m. · 7 views

WordPress Batch-Move Posts plugin <= 1.5 - Broken Authentication vulnerability leading to Unauthenticated Stored Cross-Site Scripting (XSS)

Broken Authentication vulnerability leading to Unauthenticated Stored Cross-Site Scripting (XSS) discovered by Noman Riffat in WordPress Batch-Move Posts plugin (versions <= 1.5). Solution: Plugin closed. Deactivate and delete...

AI score 2.4
Exploits 0 · References 1 · Affected Software 1

OSV
added 2020/01/13 6:15 p.m. · 2 views

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 9

Tenable Nessus
added 2020/01/06 12:00 a.m. · 16 views

Fedora 31 : wordpress (2019-e16ba9e54e)

WordPress 5.3.2 Maintenance Release. Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues. Main issues addressed in 5.3.2: - Date/Time: Ensure that get_feed_build_date correctly...

AI score 5.2
Exploits 0 · References 1

Cvelist
added 2020/01/01 9:59 p.m. · 36 views

CVE-2019-20203

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message...

AI score 5.3 · EPSS 0.00666
Exploits 5 · References 4

OSV
added 2019/12/27 8:15 a.m. · 0 views

DEBIAN-CVE-2019-20043

In wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this...

CVSS 4.3 · AI score 6.4 · EPSS 0.0117
Exploits 0 · References 1

OSV
added 2019/12/27 8:15 a.m. · 0 views

UBUNTU-CVE-2019-20043

In wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this...

CVSS 4.3 · AI score 5.8 · EPSS 0.0117
Exploits 0 · References 6

CNVD
added 2019/12/27 12:00 a.m. · 1 views

WordPress Unauthorized Operation Vulnerability (CNVD-2020-03944)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions prior to 5.3.1, which stems from a lack of access contro...

CVSS 5 · AI score 6.6 · EPSS 0.0117
Exploits 0 · References 1

Circl
added 2019/12/11 3:00 a.m. · 2 views

CVE-2019-15239

creationtimestamp | type | source
---|---|---
2019-12-11 03:00:17+00:00 | seen | https://t.me/indoghostsec/731
2019-12-11 16:24:35+00:00 | seen | https://t.me/indoghostsec/751
2019-12-13 11:21:12+00:00 | seen | Telegram/iQUZE2pIByE4vkwExY2sw7tjReCcmi36nOFNFwktNW4
2019-12-14 01:31:35+00:00 | seen | ...

CVSS 7.8 · AI score 7.6 · EPSS 0.00034
Exploits 1 · References 12

Kitploit
added 2019/11/21 8:51 p.m. · 307 views

Ultimate Facebook Scraper - A Bot Which Scrapes Almost Everything About A Facebook User's Profile Including All Public Posts/Statuses Available On The User's Timeline, Uploaded Photos, Tagged Photos, Videos, Friends List And Their Profile Photos

Tooling that automates your social media interactions to collect posts, photos, videos, friends, followers and much more on Facebook. Features A bot which scrapes almost everything about a facebook user's profile including uploaded photos tagged photos videos friends list and their profile photos...

AI score 7
Exploits 0 · References 1