6225 matches found

OSV
added 2024/10/19 7:15 a.m., 1 view

CVE-2024-9889

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view...

4.3 CVSS, 5.8 AI score
Exploits 0, References 2

CVE
added 2024/10/19 6:42 a.m., 43 views

CVE-2024-9889

CVE-2024-9889 affects ElementInvader Addons for Elementor (WordPress). The vulnerability allows authenticated attackers with contributor-level access and above to perform Sensitive Information Exposure via the Page Loader widget, enabling viewing of private/draft/password-protected posts, pages, ...

4.3 CVSS, 4.7 AI score, 0.00335 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2024/10/18 1:2 p.m., 5 views

WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Endless Posts Navigation versions <= 2.2.7...

7.1 CVSS, 6.2 AI score, 0.00158 EPSS
Exploits 0, Affected Software 1

Patchstack
added 2024/10/18 12:20 p.m., 1 view

WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Most And Least Read Posts Widget versions <= 2.5.18...

8.8 CVSS, 7 AI score, 0.00195 EPSS
Exploits 0, Affected Software 1

Patchstack
added 2024/10/18 12:0 a.m., 12 views

WordPress Endless Posts Navigation Plugin <= 2.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Endless Posts Navigation; Type: Plugin; Vulnerable versions: <= 2.2.7; Fixed in: 2.2.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-49629; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 6c607ad01f6a; Credits...

7.1 CVSS, 6.9 AI score, 0.00158 EPSS
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2024/10/18 12:0 a.m., 4 views

PT-2024-39915 · WordPress · Elementinvader Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue allows authenticated attackers with contributor-level access and above to view private, draft, and password-protected posts,...

4.3 CVSS, 6.2 AI score, 0.00335 EPSS
Exploits 0, References 8

NVD
added 2024/10/17 1:15 p.m., 9 views

CVE-2024-48031

Cross-Site Request Forgery (CSRF) vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Cross Site Request Forgery. This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through <= 4.0...

6.5 CVSS, 0.00195 EPSS
Exploits 0, References 1

NVD
added 2024/10/17 1:15 p.m., 11 views

CVE-2024-48032

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Reflected XSS. This issue affects Featured Posts with Multiple Custom Groups (FPMCG)...

7.1 CVSS, 0.00245 EPSS
Exploits 0, References 1

OSV
added 2024/10/17 4:15 a.m., 3 views

CVE-2024-7417

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...

4.3 CVSS, 5.8 AI score, 0.00403 EPSS
Exploits 0, References 3

CNNVD
added 2024/10/17 12:0 a.m., 3 views

WordPress plugin Featured Posts with Multiple Custom Groups cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...

7.1 CVSS, 6 AI score, 0.00245 EPSS
Exploits 0, References 2

CNNVD
added 2024/10/17 12:0 a.m., 3 views

WordPress plugin Featured Posts with Multiple Custom Groups cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5 CVSS, 6.7 AI score, 0.00195 EPSS
Exploits 0, References 2

Positive Technologies
added 2024/10/17 12:0 a.m., 3 views

PT-2024-32949 · Unknown · Featured Posts With Multiple Custom Groups

Name of the Vulnerable Software and Affected Versions: Featured Posts with Multiple Custom Groups FPMCG versions n/a through 4.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross Site Request Forgery. Recommendations: For versions n/a through 4.0, update ...

6.5 CVSS, 6.7 AI score, 0.00195 EPSS
Exploits 0, References 5

Positive Technologies
added 2024/10/17 12:0 a.m., 4 views

PT-2024-32950 · Unknown · Featured Posts With Multiple Custom Groups

Name of the Vulnerable Software and Affected Versions: Featured Posts with Multiple Custom Groups FPMCG versions n/a through 4.0 Description: This issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. It allows for Reflected XS...

7.1 CVSS, 6.3 AI score, 0.00245 EPSS
Exploits 0, References 6

Circl
added 2024/10/16 11:55 p.m., 9 views

CVE-2024-44762

creationtimestamp | type | source
---|---|---
2024-10-16 23:55:21+00:00 | seen | https://t.me/cvedetector/8128
2025-04-03 11:24:06+00:00 | seen | https://bsky.app/profile/nimblenerd.social/post/3llvs2yg6t62t
2025-04-04 21:02:07+00:00 | seen | ...

5.3 CVSS, 5.5 AI score, 0.02499 EPSS
Exploits 5, References 5

Patchstack
added 2024/10/16 3:7 p.m., 3 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure vulnerability

Authenticated (Subscriber+) Private Post Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Royal Elementor Addons versions <= 1.3.986...

4.3 CVSS, 7 AI score, 0.00403 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2024/10/16 2:15 p.m., 19 views

CVE-2024-48029

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion. This issue affects SB Random Posts Widget: from n/a through <= 1.0...

7.5 CVSS, 0.00544 EPSS
Exploits 0, References 1

CVE
added 2024/10/16 1:31 p.m., 50 views

CVE-2024-48029

CVE-2024-48029 affects the WordPress SB Random Posts Widget. The vulnerability is an improper control of the filename for include/require statements in PHP (PHP Remote File Inclusion) that enables Local File Inclusion via the SB Random Posts Widget

7.5 CVSS, 5.9 AI score, 0.00544 EPSS
Exploits 0, References 1

Circl
added 2024/10/16 12:28 a.m., 2 views

CVE-2024-9956

creationtimestamp | type | source
---|---|---
2024-10-16 00:28:19+00:00 | seen | https://t.me/cvedetector/7964
2025-03-10 15:51:40+00:00 | seen | https://t.me/itsecnews/5454
2025-03-15 01:15:00+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/11927
2025-03-18 18:07:27+00:00 | ...

7.8 CVSS, 7.3 AI score, 0.00389 EPSS
Exploits 0, References 37

Positive Technologies
added 2024/10/16 12:0 a.m., 4 views

PT-2024-38333 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.986 Description: The issue allows authenticated attackers with subscriber-level access and above to extract data from password protected posts vi...

4.3 CVSS, 7 AI score, 0.00403 EPSS
Exploits 0, References 10

Circl
added 2024/10/15 2:1 p.m., 27 views

CVE-2024-37383

creationtimestamp | type | source
---|---|---
2024-10-15 14:01:18+00:00 | published-proof-of-concept | https://t.me/criticalbug/1567
2024-10-16 12:35:28+00:00 | exploited | https://t.me/xakepru/16551
2024-10-22 14:40:05+00:00 | exploited | https://t.me/truesecator/6345
2024-10-24 04:06:50+00:00 | ...

6.1 CVSS, 6.8 AI score, 0.73296 EPSS
Exploits 5, References 21