6232 matches found
CVE-2024-0828
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers...
CVE-2024-0592
The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...
Cross site request forgery (csrf)
The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...
Input validation
The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive...
Information disclosure
The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API...
Information disclosure
The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpspdisplay function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, priva...
CVE-2024-1489
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...
CVE-2024-1489 SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...
CVE-2024-1479
CVE-2024-1479 affects the WordPress plugin WP Show Posts (up to and including version 1.1.4). The vulnerability arises in the wpsp_display function and could allow authenticated attackers with Contributor+ privileges to view content of drafts, trash, future, private, and pending posts/pages. The ...
CVE-2024-1479 WP Show Posts <= 1.1.4 - Information Exposure
The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpspdisplay function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, priva...
CVE-2024-1479 WP Show Posts <= 1.1.4 - Information Exposure
The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpspdisplay function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, priva...
CVE-2024-0592 Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery
The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...
CVE-2024-0592 Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery
The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...
CVE-2024-0828 Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers...
CVE-2024-1642 MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'postingbulk' function. This makes it possible for...
Related Posts for WordPress < 2.2.2 - Cross-Site Request Forgery
Description The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to...
PT-2024-18083 · WordPress · Wp Show Posts
Name of the Vulnerable Software and Affected Versions: WP Show Posts plugin for WordPress versions up to, and including, 1.1.4 Description: The issue allows authenticated attackers with contributor access and above to view the contents of draft, trash, future, private, and pending posts and pages...
WordPress Plugin WP Show Posts Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
WordPress Plugin Related Posts for WordPress Security Breach
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget
Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carouselskin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possib...