
6231 matches found

OSV
added 2024/07/02 8:15 a.m. | 3 views

CVE-2024-5545

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | AI score 5.9 | EPSS 0.0033
Exploits: 0 | References: 2

Vulnrichment
added 2024/07/02 7:37 a.m. | 14 views

CVE-2024-5545 Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | AI score 6.9 | EPSS 0.0033
Exploits: 0 | References: 2

OSV
added 2024/06/29 5:15 a.m. | 2 views

CVE-2024-5942

The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'contentclone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access...

CVSS 5.4 | AI score 5.8 | EPSS 0.0031
Exploits: 0 | References: 3

NVD
added 2024/06/29 5:15 a.m. | 19 views

CVE-2024-5942

The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'contentclone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access...

CVSS 5.4 | EPSS 0.0031
Exploits: 0 | References: 3

CVE
added 2024/06/29 4:33 a.m. | 48 views

CVE-2024-5942

CVE-2024-5942 affects the WordPress Page and Post Clone plugin. The issue is an Insecure Direct Object Reference in the content_clone function due to missing validation on a user-controlled key, enabling authenticated attackers with Author+ access to clone and read private posts. Technical detail...

CVSS 5.4 | AI score 5 | EPSS 0.0031
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2024/06/29 12:0 a.m. | 5 views

PT-2024-37257 · WordPress · Page/Post Clone

Name of the Vulnerable Software and Affected Versions: Page and Post Clone plugin for WordPress versions up to, and including, 6.0
Description: The issue allows authenticated attackers with Author-level access and above to clone and read private posts due to missing validation on a user-controlle...

CVSS 5.4 | AI score 6.6 | EPSS 0.0031
Exploits: 0 | References: 7

OSV
added 2024/06/28 3:28 p.m. | 12 views

GO-2024-2592 Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server

Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVSS 4.3 | AI score 4.2 | EPSS 0.0036
Exploits: 0 | References: 3

CVE
added 2024/06/28 6:57 a.m. | 60 views

CVE-2024-2795

CVE-2024-2795 pertains to the SEO SIMPLE PACK WordPress plugin and describes an Information Exposure vulnerability in all versions up to 3.2.1. According to connected sources, the issue arises via the META description, allowing unauthenticated attackers to extract limited information about passwo...

CVSS 5.3 | AI score 5.6 | EPSS 0.00537
Exploits: 0 | References: 3

Vulnrichment
added 2024/06/28 6:57 a.m. | 24 views

CVE-2024-2795 SEO SIMPLE PACK <= 3.2.1 - Information Exposure

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...

CVSS 5.3 | AI score 7 | EPSS 0.00537
Exploits: 0 | References: 3

NVD
added 2024/06/22 5:15 a.m. | 32 views

CVE-2024-4874

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 | EPSS 0.00314
Exploits: 0 | References: 2

Cvelist
added 2024/06/22 4:32 a.m. | 33 views

CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 | EPSS 0.00314
Exploits: 0 | References: 2

CNNVD
added 2024/06/22 12:0 a.m. | 5 views

WordPress plugin Bricks Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 | AI score 6.9 | EPSS 0.00314
Exploits: 0 | References: 3

Cvelist
added 2024/06/21 11:33 p.m. | 23 views

CVE-2024-6120 Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized (Subscriber+) Post/Pages/Attachments Deletion and Demo Data Import

The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 6.5 | EPSS 0.00503
Exploits: 0 | References: 9

CNNVD
added 2024/06/19 12:0 a.m. | 5 views

WordPress plugin YARPP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.8 | AI score 6.1 | EPSS 0.00265
Exploits: 0 | References: 3

WPVulnDB
added 2024/06/13 12:0 a.m. | 13 views

Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure

Description: The Widget Options - Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 5.1.3 exclusive for Widget Options - Extended and all versions up to, and including, 4.0.1 for Widget Options. This makes it possible for unauthenticated attackers ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00422
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2024/06/06 4:15 a.m. | 2 views

CVE-2024-5615

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraphdefaultdescription' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...

CVSS 5.3 | AI score 5.9 | EPSS 0.00452
Exploits: 0 | References: 4

NVD
added 2024/06/06 4:15 a.m. | 17 views

CVE-2024-5615

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraphdefaultdescription' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...

CVSS 5.3 | AI score 5 | EPSS 0.00452
Exploits: 0 | References: 3

CVE
added 2024/06/06 3:32 a.m. | 65 views

CVE-2024-5615

The CVE-2024-5615 entry concerns the WordPress Open Graph plugin vulnerability allowing Sensitive Information Exposure via opengraph_default_description in versions up to 1.11.2. Connected Red Hat entry repeats this description; no additional technical details (e.g., patch version or concrete exp...

CVSS 5.3 | AI score 5.4 | EPSS 0.00452
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/06/05 3:10 p.m. | 18 views

GO-2024-2635 Mattermost incorrectly allows access to individual posts in github.com/mattermost/mattermost-server

Mattermost incorrectly allows access to individual posts in github.com/mattermost/mattermost-server...

CVSS 4.3 | AI score 4.2 | EPSS 0.00367
Exploits: 0 | References: 3

OSV
added 2024/06/05 6:15 a.m. | 5 views

CVE-2024-4886

The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request...

CVSS 4.3 | AI score 6.5
Exploits: 0 | References: 1