CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure

The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-10690

The CVE-2024-10690 entry corresponds to the WordPress plugin Shortcodes for Elementor (versions up to 1.0.4). The issue is an Information Exposure flaw in the SHORTCODE_ELEMENTOR endpoint caused by insufficient access restrictions, enabling authenticated attackers with Contributor-level access or...

CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure

The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

PT-2024-17596 · WordPress · Get Post Content Shortcode

Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4 Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...

PT-2024-16466 · WordPress +1 · Shortcodes For Elementor +1

Name of the Vulnerable Software and Affected Versions: Shortcodes for Elementor plugin for WordPress versions up to, and including, 1.0.4 RSTheme affected versions not specified Description: The issue is related to Information Exposure, where insufficient restrictions on which posts can be includ...

CVE-2024-54311

Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through = 7.5.1...

CVE-2023-41849

Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0...

CVE-2024-54311

CVE-2024-54311 is a Missing Authorization vulnerability in the WordPress plugin Mark New Posts . The issue allows exploitation of access control to modify settings via the plugin’s save_options flow, affecting versions up to and including 7.5.1 . The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I...

CVE-2024-54311 WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through = 7.5.1...

CVE-2023-41849

The CVE-2023-41849 entry concerns the WordPress Posts Like Dislike plugin (

CVE-2024-9290

creationtimestamp| type| source ---|---|--- 2024-12-13 09:30:14+00:00| seen| https://infosec.exchange/users/cve/statuses/113644811971420753 2024-12-13 12:25:39+00:00| seen| https://t.me/cvedetector/12853 2024-12-24 19:28:07+00:00| seen|...

CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts

The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the getpoststatus due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts

The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the getpoststatus due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

CVE-2024-12309

CVE-2024-12309 affects Rate My Post – Star Rating Plugin for WordPress (FeedbackWP). The vulnerability is an Insecure Direct Object Reference in get_post_status() due to missing validation on a user-controlled key, allowing unauthenticated voters to affect unpublished posts. The CVE entry notes v...

PT-2024-36193 · Unknown · Mark New Posts

Name of the Vulnerable Software and Affected Versions: Mark New Posts versions n/a through 7.5.1 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/a through...

PT-2024-17538 · Feedbackwp · Rate My Post – Star Rating Plugin

Name of the Vulnerable Software and Affected Versions: Rate My Post – Star Rating Plugin by FeedbackWP versions up to, and including, 4.2.4 Description: The issue allows unauthenticated attackers to vote on unpublished scheduled posts due to missing validation on a user-controlled key in the get...

WordPress Rate My Post – WP Rating System plugin <= 4.2.4 - Unauthenticated Voting On Scheduled Posts vulnerability

Unauthenticated Voting On Scheduled Posts vulnerability discovered by HayMiz in WordPress Plugin Rate my Post versions = 4.2.4...

WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Category of Posts versions = 1.0...

WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability

CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Display Future Posts versions = 0.2.3...

WordPress Visual Recent Posts plugin <= 1.2.3 - Reflected Cross Site Request Forgery (CSRF) vulnerability

Reflected Cross Site Request Forgery CSRF vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Visual Recent Posts versions = 1.2.3...