6232 matches found
WordPress Inline Related Posts Plugin < 3.6.0 is vulnerable to Broken Access Control
Software Inline Related Posts Type Plugin Vulnerable versions 3.6.0 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6257 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c2f0b627f547 Credits Krzysztof Zając CERT PL...
WordPress Related Posts for WordPress Plugin <= 4.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Related Posts for WordPress Type Plugin Vulnerable versions = 4.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32549 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID cc6d55801af6 Credits Dimas...
CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2023-6257
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...
CVE-2023-6257
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...
CVE-2023-6257 Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts...
Post Type Builder < 2.1.4 - Subscriber+ Arbitrary Post/Page Creation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on a function. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts...
PT-2024-22952 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.5.6 Description: The issue allows unauthenticated attackers to extract sensitive data, including password-protected post details, via the element pack aja...
WordPress plugin Combo Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
PT-2024-14915 · WordPress · Inline Related Posts
Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin versions prior to 3.6.0 Description: The issue is related to missing authorization in an AJAX action, which allows any authenticated user, such as a subscriber, to retrieve the content of password-protect...
WordPress Inline Related Posts plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin Inline Related Posts versions = 3.3.1...
CVE-2024-3235 Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the onfrontajaxaction function. This makes it possible for unauthenticated attackers to view private and password protected posts that m...
CVE-2024-3235 Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the onfrontajaxaction function. This makes it possible for unauthenticated attackers to view private and password protected posts that m...
PT-2024-24526 · WordPress · Essential Grid Gallery
Name of the Vulnerable Software and Affected Versions: The Essential Grid Gallery WordPress Plugin versions up to, and including, 3.1.1 Description: The issue allows unauthenticated attackers to view private and password-protected posts that may contain sensitive information. This is possible due...
Wordpress Plugin Essential Grid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Inline Related Posts Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Inline Related Posts Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.4.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31426 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 472557d2a031 Credits Brandon Roldan...
CVE-2024-2974
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the loadmore function. This can allow unauthenticated attackers to extract sensitiv...