6210 matches found
WordPress plugin Remove Duplicate Posts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
CVE-2024-10689 XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure
The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTABINSERTTPL' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...
PT-2024-16468 · WordPress · Powerpack Addons For Elementor
Name of the Vulnerable Software and Affected Versions: PowerPack Elementor Addons plugin for WordPress versions up to, and including, 2.8.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private, or draft post...
PT-2024-16464 · WordPress · Xltab
Name of the Vulnerable Software and Affected Versions: XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress versions up to, and including, 1.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft...
CVE-2024-51546
creationtimestamp | type | source
---|---|---
2024-12-05 13:37:59+00:00 | seen | https://infosec.exchange/users/cve/statuses/113600487651084599
2024-12-05 15:21:26+00:00 | seen | https://t.me/cvedetector/12088
2025-01-07 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-...
CVE-2024-10937 Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wpajaxnoprivrelatedpostajaxgetpostids AJAX action. This makes it possible for...
PT-2024-16536 · WordPress · Anywhere Elementor
Name of the Vulnerable Software and Affected Versions: AnyWhere Elementor plugin for WordPress versions up to, and including, 1.2.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that...
CVE-2024-10787
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...
WordPress plugin BasePress Docs security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-16440 · WordPress · Basepress Docs
Name of the Vulnerable Software and Affected Versions: Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress versions up to, and including, 2.16.3.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to update the database due t...
PT-2024-16546 · WordPress · La-Studio Element Kit
Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions 1.4.4 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private and draft posts created by Elemento...
He Got Banned From X. Now He Wants to Help You Escape, Too
When programmer Micah Lee was kicked off X for a post that offended Elon Musk, he didn't look back. His new tool for saving and deleting your X posts can give you that same sweet release...
CVE-2024-8300
creationtimestamp | type | source
---|---|---
2024-12-03 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-04
2025-03-11 11:30:05+00:00 | seen | https://t.me/truesecator/6826
2025-03-11 11:31:39+00:00 | seen | ...
CVE-2024-12062
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharityelementortemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...
CVE-2024-53780
Cross-Site Request Forgery (CSRF) vulnerability in rajeevglocify Load More Posts (load-more-posts) allows Stored XSS. This issue affects Load More Posts: from n/a through <= 1.5.0...
CVE-2024-53730
Cross-Site Request Forgery (CSRF) vulnerability in springthistle April's Call Posts (aprils-call-posts) allows Stored XSS. This issue affects April's Call Posts: from n/a through <= 2.1.1...
CVE-2024-53780 WordPress Load More Posts plugin <= 1.5.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in rajeevglocify Load More Posts (load-more-posts) allows Stored XSS. This issue affects Load More Posts: from n/a through <= 1.5.0...
CVE-2024-53780
CVE-2024-53780 describes a Cross-Site Request Forgery that enables Stored XSS in the WordPress Load More Posts plugin, affecting versions up to 1.4.0 (per the CVE entry). The available connected sources corroborate the CSRF-to-Stored-XSS issue and indicate a later fix in version 1.5.0 or newer (P...
CVE-2024-53730 WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in springthistle April's Call Posts (aprils-call-posts) allows Stored XSS. This issue affects April's Call Posts: from n/a through <= 2.1.1...