CVE-2024-1418 CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

CVE-2024-1418

The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

PT-2024-18028 · WordPress · Cgc Maintenance Mode

Name of the Vulnerable Software and Affected Versions: CGC Maintenance Mode plugin for WordPress versions up to, and including, 1.2 Description: The issue allows unauthenticated attackers to view protected posts via the REST API, even when maintenance mode is enabled. This is possible due to...

CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

Description The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

PT-2024-21966 · Unknown · Genesis Blocks

Name of the Vulnerable Software and Affected Versions: Genesis Blocks versions prior to 3.1.3 Description: The issue allows attackers to conduct Stored XSS attacks by exploiting improperly escaped data input in some of the plugin's blocks, potentially enabling them to create admin accounts via...

CVE-2024-1732

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

CVE-2024-1732

CVE-2024-1732 : The Sharkdropship Dropshipping & Affiliate for AliExpress WordPress plugin is vulnerable to unauthenticated data loss via a missing capability check in wads_removeProductFromShop(), affecting all versions up to 2.2.4. Impact is unauthorized deletion of posts; CVSS indicates networ...

CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

WordPress Hubbub Lite plugin < 1.33.1 - Unauthenticated Password Protected Posts Access vulnerability

Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Hubbub Lite versions 1.33.1...

CVE-2024-1526

The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag...

WordPress List category posts plugin <= 0.89.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin List category posts versions = 0.89.6...

Essential Addons for Elementor < 5.9.14 - Unauthenticated Private/Draft Posts Access

Description The plugin is vulnerable to Sensitive Information Exposure via the loadmore function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts...

WordPress List category posts Plugin <= 0.89.6 is vulnerable to Cross Site Scripting (XSS)

Software List category posts Type Plugin Vulnerable versions = 0.89.6 Fixed in 0.89.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1051 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a918041d1b8e Credits Ngô Thiên An ancor...

WordPress Plugin List category posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

PT-2024-16330 · WordPress · List Category Posts Plugin

Name of the Vulnerable Software and Affected Versions: List category posts plugin for WordPress versions up to, and including, 0.89.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escaping on...

New iMessage Phishing Campaign Targets Postal Service Users Globally

By Waqas Some of the known targets of this iMessage phishing campaign are USPS the United States Postal Service, DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post. This is a post from HackRead.com Read the original post: New iMessage Phishing Campaign Targets Postal Service Users...

SUSE CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

PT-2024-20395 · WordPress · Inline Related Posts

Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin versions prior to 3.5.0 Description: The issue concerns the Inline Related Posts WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users,...

CVE-2023-7251

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...