6232 matches found
CVE-2024-3312 Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure
The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...
CVE-2024-3275 eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure
The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts...
CVE-2024-3599 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...
CVE-2023-6962
CVE-2023-6962 affects the WP Meta SEO WordPress plugin, with a Sensitive Information Exposure vulnerability present in all versions up to and including 4.5.12, allowing unauthenticated attackers to disclose sensitive data via the meta description of password-protected posts. The linked records co...
CVE-2023-6962 WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description
The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of...
PT-2024-24825 · WordPress · Eroom – Zoom Meetings & Webinar
Name of the Vulnerable Software and Affected Versions: The eRoom – Zoom Meetings & Webinars plugin for WordPress versions up to, and including, 1.4.18 Description: The issue allows authenticated attackers with subscriber access or higher to obtain post excerpts, including those of draft and pendi...
PT-2024-15912 · WordPress · The Advanced Post Block – Display Posts
Name of the Vulnerable Software and Affected Versions: The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress versions up to, and including, 1.13.1 Description: The issue is related to unauthorized access of data due to a missing capability check on the...
PT-2024-28815 · WordPress · Virtue
Name of the Vulnerable Software and Affected Versions: Virtue theme for WordPress versions up to, and including, 3.4.8 Description: The issue is related to Stored Cross-Site Scripting via a Post Author's name due to insufficient input sanitization and output escaping when the latest posts feature...
PT-2024-25121 · WordPress · Easy Custom Auto Excerpt
Name of the Vulnerable Software and Affected Versions: Easy Custom Auto Excerpt plugin for WordPress versions up to, and including, 2.4.12 Description: The issue allows unauthenticated attackers to obtain excerpts of password-protected posts, potentially exposing sensitive information...
WordPress plugin eRoom security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Smart Recent Posts Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1371
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
CVE-2024-1371 LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
CVE-2024-33643
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS. This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2...
CVE-2024-33643
CVE-2024-33643 affects the WordPress plugin Advanced Most Recent Posts Mod (vulnerable up to 1.6.5.2) with a Stored XSS due to improper input neutralization during page generation. The initial and connected docs confirm the vulnerability type and affected plugin; patch/version details beyond 1.6....
CVE-2024-33643 WordPress Advanced Most Recent Posts Mod plugin <= 1.6.5.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS. This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2...