CVE-2024-3915

CVE-2024-3915 affects the Swift Framework WordPress plugin (versions up to and including 2.7.31). The root cause is a missing capability check in sf_edit_directory_item(), enabling unauthenticated attackers to modify arbitrary posts/content. Impact per available data is limited to integrity (LOW)...

CVE-2024-34427

CVE-2024-34427 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Favorite Posts, affecting versions from n/a through 1.6.8. The description notes CSRF risk but does not specify affected themes, exact attack vector, or exploit details beyond the vulnerability t...

CVE-2024-34427 WordPress WP Favorite Posts plugin <= 1.6.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8...

PT-2024-25880 · WordPress · Wp Favorite Posts

Name of the Vulnerable Software and Affected Versions: WP Favorite Posts versions 1.6.8 and earlier Description: A Cross-Site Request Forgery CSRF issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user...

CVE-2024-4135

CVE-2024-4135 affects the WP Latest Posts WordPress plugin, vulnerable in all versions up to 5.0.7. Unauthenticated attackers can trigger arbitrary shortcodes due to unvalidated user input used by do_shortcode. CVSS v3.1 base score 5.4 (Medium). A patched version exists; remediation is to update ...

WordPress WP Latest Posts plugin <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP Latest Posts versions = 5.0.7...

Post Grid Master < 3.4.8 - Missing Authorization

Description The Post Grid Master plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ampostgridloadpostsajaxfunctions function in versions up to, and including, 3.4.7. This makes it possible for unauthenticated attackers to load posts...

WordPress WP Favorite Posts plugin <= 1.6.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Huynh Tien Si Patchstack Alliance in WordPress Plugin WP Favorite Posts versions = 1.6.8...

WordPress Last Viewed Posts by WPBeginner plugin <= 1.0.0 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Last Viewed Posts by WPBeginner versions = 1.0.0...

CVE-2024-4034

The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for...

CVE-2024-3599

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...

CVE-2024-3312

The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...

CVE-2024-3275

The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts...

CVE-2023-6731

The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary pos...

CVE-2023-6731

The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary pos...

CVE-2023-6962

The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of...

CVE-2023-6731

CVE-2023-6731 affects the WP Show Posts plugin for WordPress. The issue is a missing capability check on multiple AJAX functions, present in all versions up to and including 1.1.5. This enables authenticated attackers with subscriber+ privileges to access data they should not be able to view, spe...

CVE-2023-6731 WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure

The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary pos...

CVE-2024-4034 Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author

The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for...

CVE-2024-3312

CVE-2024-3312 affects the Easy Custom Auto Excerpt WordPress plugin (versions up to 2.4.12). It allows unauthenticated attackers to obtain excerpts from password-protected posts, constituting Sensitive Information Exposure. CVSS v3.1 is 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (base score 5.3, Med...