CVE-2024-12335

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

CVE-2024-12335

CVE-2024-12335 concerns the Avada (Fusion) Builder for WordPress. The issue allows information disclosure via handle_clone_post and the fusion_blog shortcode, due to insufficient restrictions on which posts can be included. Affected versions are all up to and including 3.11.12. The vulnerability ...

PT-2024-17549 · WordPress · Avada (Fusion) Builder

Name of the Vulnerable Software and Affected Versions: Avada Fusion Builder plugin for WordPress versions up to, and including, 3.11.12 Description: The issue allows authenticated attackers with contributor-level access and above to extract data from password protected, private, or draft posts th...

WordPress plugin Avada Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-12266

creationtimestamp| type| source ---|---|--- 2024-12-24 04:33:38+00:00| seen| https://infosec.exchange/users/cve/statuses/113705931125851703 2024-12-24 04:37:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113705944355832590 2024-12-24 05:15:20+00:00| seen|...

PT-2024-17440 · WordPress · Content No Cache

Name of the Vulnerable Software and Affected Versions: Content No Cache: prevent specific content from being cached plugin for WordPress versions up to, and including, 0.1.2 Description: The issue allows unauthenticated attackers to extract data from password protected, private, or draft posts du...

CVE-2024-53961

creationtimestamp| type| source ---|---|--- 2024-12-23 20:03:29+00:00| seen| https://bsky.app/profile/hackingne.ws/post/3ldypynqt7h2l 2024-12-23 20:12:14+00:00| seen| https://bsky.app/profile/tmjintel.bsky.social/post/3ldyqieobu22t 2024-12-23 20:20:53+00:00| seen|...

CVE-2024-11297

The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from pos...

CVE-2024-12727

creationtimestamp| type| source ---|---|--- 2024-12-19 20:32:25+00:00| seen| https://infosec.exchange/users/cve/statuses/113681389646115127 2024-12-19 21:15:36+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldos5xymum2s 2024-12-19 23:11:05+00:00| seen|...

CVE-2024-54150

creationtimestamp| type| source ---|---|--- 2024-12-19 19:15:38+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldolhjv6ye27 2024-12-19 20:40:33+00:00| seen| https://t.me/cvedetector/13362 2024-12-21 08:24:32+00:00| seen|...

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...

PT-2024-17655 · WordPress · Button Block

Name of the Vulnerable Software and Affected Versions: Button Block plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract potentially sensitive data from draft, scheduled, private, and...

CVE-2024-52591

creationtimestamp| type| source ---|---|--- 2024-12-18 19:21:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113675448878441837 2024-12-18 22:03:56+00:00| seen| https://t.me/cvedetector/13246 2025-03-10 19:40:22+00:00| seen|...

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

CVE-2024-11295

CVE-2024-11295 affects the WordPress plugin Simple Page Access Restriction. All versions up to 1.0.29 are vulnerable to sensitive information exposure via the WordPress core search feature, allowing unauthenticated attackers to extract data from posts restricted to higher-level roles. Publicly av...

CVE-2024-12061

The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...

PT-2024-16890 · WordPress · Simple Page Access Restriction

Name of the Vulnerable Software and Affected Versions: Simple Page Access Restriction plugin for WordPress versions up to 1.0.29 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as logged-in users, via the WordPres...

PT-2024-16886 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.4 Description: The vulnerability allows unauthenticated attackers to extract sensitive...

CVE-2024-49194

creationtimestamp| type| source ---|---|--- 2024-12-17 19:57:45+00:00| seen| https://infosec.exchange/users/cve/statuses/113669928710434373 2024-12-17 21:48:09+00:00| seen| https://t.me/cvedetector/13127 2024-12-20 06:25:11+00:00| seen| https://bsky.app/profile/dinosn.bsky.social/post/3ldpqun5z7c...