6227 matches found
CVE-2024-8123 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
CVE-2024-8123
CVE-2024-8123 affects the WordPress plugin “The Ultimate WordPress Toolkit – WP Extended” (
PT-2024-37894 · WordPress · The Ivory Search
Name of the Vulnerable Software and Affected Versions: The Ivory Search – WordPress Search Plugin versions up to, and including, 5.5.6 Description: The issue allows unauthenticated attackers to extract text data from password-protected posts using a boolean-based attack on the AJAX search form...
PT-2024-38814 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate posts written by other authors,...
CVE-2024-8370
creationtimestamp | type | source
---|---|---
2024-09-02 01:19:47+00:00 | seen | https://t.me/cvedetector/4583
2025-01-06 20:15:19+00:00 | seen | https://infosec.exchange/users/cve/statuses/113783244019784638
2025-01-06 20:15:57+00:00 | seen | ...
CVE-2024-3679
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...
CVE-2024-3679 Premium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...
WordPress plugin Premium SEO Pack – WP SEO Plugin information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin Premium S...
PT-2024-27161 · WordPress · The Premium Seo Pack – Wp Seo Plugin
Name of the Vulnerable Software and Affected Versions: The Premium SEO Pack – WP SEO Plugin plugin for WordPress versions up to, and including, 1.6.001 Description: The issue allows unauthenticated attackers to view limited information from password-protected posts through the social meta data...
PT-2024-16368 · WordPress · Funnelkit Funnel Builder
Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder Pro plugin for WordPress versions up to, and including, 3.4.5 Description: The issue is related to Stored Cross-Site Scripting, where the allow iframe tag in post function uses the wp kses allowed html filter to...
PT-2024-37150 · WordPress · Tutor Lms Pro
Name of the Vulnerable Software and Affected Versions: The Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.2 Description: The issue allows authenticated attackers with subscriber-level access and above to perform administrative actions on the site, such as deleting comments,...
CVE-2024-8195
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debugdata', 'debugquery', and 'debugredirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extra...
PT-2024-38867 · WordPress · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.4 Description: The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the debug data,...
CVE-2024-4872
creationtimestamp | type | source
---|---|---
2024-08-27 15:43:22+00:00 | seen | https://t.me/cvedetector/4245
2024-11-26 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-24-331-04
2025-04-03 13:00:37+00:00 | seen | ...
OESA-2024-2034 rubygem-rack security update
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...
CVE-2024-7836
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
CVE-2024-7836
CVE-2024-7836 affects the WordPress plugin Themify Builder: all versions up to and including 7.6.1 are vulnerable to unauthorized post duplication due to missing checks in the duplicate_page_ajaxify function. This allows authenticated attackers with Contributor-level access and above to duplicate...
WordPress plugin Themify Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-38615 · WordPress · Themify Builder
Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate and view private or draft posts created by other users, due t...