WordPress Plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin AI Post Generator | AutoWriter 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-18361 · WordPress · Autowriter

Name of the Vulnerable Software and Affected Versions: AutoWriter plugin for WordPress versions up to, and including, 3.3 Description: The issue allows authenticated attackers with subscriber access or higher to access, modify, or delete posts due to a missing capability check on functions hooked...

PT-2024-18472 · WordPress · Graphene

Name of the Vulnerable Software and Affected Versions: The Graphene theme for WordPress versions up to, and including, 2.9.2 Description: The issue allows unauthorized access to data via a meta tag, making it possible for unauthenticated individuals to obtain post contents of password-protected...

PT-2024-18070 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the slider style attribute o...

WordPress Theme Graphene 安全漏洞

WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Graphene 2.9.2 and earlier versions,...

PT-2024-18151 · WordPress · Newsmatic

Name of the Vulnerable Software and Affected Versions: Newsmatic theme for WordPress versions up to, and including, 1.3.0 Description: The issue allows unauthenticated attackers to view draft posts and post content due to Sensitive Information Exposure. This is possible via the newsmatic filter...

WordPress Theme Newsmatic 安全漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Newsmatic 1.3.0 and earlier versions, which stems...

WordPress Plugin Elementor Addons by Livemesh 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

WordPress Plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-18068 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to and including 8.3.4 Description: The issue arises from insufficient input sanitization and output escaping in the 'style' attribute of the Posts Slider widget, allowing...

PT-2024-18069 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the carousel skin attribute ...

PT-2024-22980 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress versions up to, and including, 5.9.13 Description: The issue allows unauthenticated attackers to extract sensitive data,...

WordPress Inline Related Posts plugin < 3.5.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Inline Related Posts versions 3.5.0...

CVE-2024-2444

The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-2950

The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information og:description This makes it possible for unauthenticated attackers to view the first 130 characters of a password protecte...

UBUNTU-CVE-2023-5692

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirectguess404permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publiclyqueryable' post status has been set to 'false'...

PT-2024-22926 · Boldgrid · Boldgrid Easy Seo

Name of the Vulnerable Software and Affected Versions: The BoldGrid Easy SEO plugin for WordPress versions up to, and including, 1.6.14 Description: The issue allows unauthenticated attackers to view the first 130 characters of a password-protected post, which can contain sensitive information, v...

CVE-2024-1418

The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

CVE-2024-1418

CVE-2024-1418 affects the CGC Maintenance Mode plugin for WordPress. According to connected sources, versions up to and including 1.2 are vulnerable to sensitive information exposure via the REST API, allowing unauthenticated attackers to view protected posts while maintenance mode is enabled. Th...