CVE-2024-53730

CVE-2024-53730 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin “April’s Call Posts” (versions

CVE-2024-53730 WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Aaron Hodge Silver April's Call Posts allows Stored XSS. This issue affects April's Call Posts: from n/a through 2.1.1...

PT-2024-35893 · Unknown · Load More Posts

Name of the Vulnerable Software and Affected Versions: Load More Posts versions 1.4.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

WordPress plugin Aprils Call Posts 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerabilit...

WordPress Load More Posts plugin <= 1.5.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Load More Posts versions = 1.5.0...

CVE-2024-10780

The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurantelementortemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVE-2024-10798

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers,...

CVE-2024-10670

The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the primelementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-10798 Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers,...

PT-2024-16557 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.7.1003 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...

PT-2024-16447 · WordPress · Primary Addon For Elementor

Name of the Vulnerable Software and Affected Versions: The Primary Addon for Elementor plugin for WordPress versions up to, and including, 1.6.2 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created with...

CVE-2024-11083

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

CVE-2024-5921

creationtimestamp| type| source ---|---|--- 2024-11-26 01:45:00+00:00| seen| https://security.paloaltonetworks.com/CVE-2024-5921 2024-11-26 04:36:37+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113547398128287677 2024-11-26 08:52:04+00:00| seen|...

WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin April's Call Posts versions = 2.1.1...

CVE-2024-10868

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

CVE-2024-10868 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.9 - Authenticated (Contributor+) Post Disclosure

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

WordPress plugin Enter Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress April's Call Posts Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software April's Call Posts Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53730 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5fa9ffdca641 Credits SOPROBRO Required...

PT-2024-16601 · WordPress · Enter Addons – Ultimate Template Builder For Elementor

Name of the Vulnerable Software and Affected Versions: The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress versions up to, and including, 2.1.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or...

PT-2024-39502 · WordPress · Wpdash Notes

Name of the Vulnerable Software and Affected Versions: WPDash Notes plugin for WordPress versions prior to 1.3.5 Description: The issue is related to a missing capability check on the wp ajax post it list comment function, allowing authenticated attackers with Subscriber-level access and above to...