6232 matches found

WPVulnDB
added 2024/02/22 12:0 a.m. · 18 views

Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization

Description: The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticat...

CVSS 6.3 · AI score 6.7 · EPSS 0.00362
Exploits 0 · References 1

NVD
added 2024/02/21 7:15 a.m. · 33 views

CVE-2024-0593

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

CVSS 5.3 · AI score 5.4 · EPSS 0.00909
Exploits 0 · References 2

OSV
added 2024/02/21 7:15 a.m. · 5 views

CVE-2024-0593

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

CVSS 5.3 · AI score 7.4 · EPSS 0.00909
Exploits 0 · References 2

Vulnrichment
added 2024/02/20 6:56 p.m. · 12 views

CVE-2024-1043

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppbremovesavedlayoutdata' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with...

CVSS 6.5 · AI score 6.2 · EPSS 0.00659
Exploits 0 · References 4

CVE
added 2024/02/20 6:56 p.m. · 112 views

CVE-2024-0616

CVE-2024-0616 concerns the Passster – Password Protect Pages and Content WordPress plugin. Public sources confirm a vulnerability in all versions up to and including 4.2.6.2 where an API exposure allows unauthenticated attackers to retrieve sensitive information: titles, slugs, IDs, content, and ...

CVSS 5.3 · AI score 6.1 · EPSS 0.00486
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/02/20 6:56 p.m. · 15 views

CVE-2024-0616

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata includin...

CVSS 5.3 · AI score 5.2 · EPSS 0.00486
Exploits 0 · References 2

Positive Technologies
added 2024/02/20 12:0 a.m. · 7 views

PT-2024-15681 · WordPress · Yarpp

Name of the Vulnerable Software and Affected Versions: YARPP – Yet Another Related Posts Plugin versions up to, and including, 5.30.9
Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

CVSS 4.4 · AI score 5 · EPSS 0.00516
Exploits 1 · References 6

Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-15674

Name of the Vulnerable Software and Affected Versions: The Simple Job Board plugin for WordPress versions up to, and including, 2.10.8
Description: The issue allows unauthorized access to data due to insufficient authorization checking on the fetch quick job function. This makes it possible for...

CVSS 5.3 · AI score 6.4 · EPSS 0.00909
Exploits 0 · References 6

Positive Technologies
added 2024/02/14 12:0 a.m. · 5 views

PT-2024-3143 · WordPress · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS plugin for WordPress versions up to, and including, 2.6.1
Description: The issue is related to a missing capability check on the tutor delete announcement function, which can allow authenticated attackers with subscriber-level acces...

CVSS 5.5 · AI score 9.2 · EPSS 0.00428
Exploits 0 · References 8

Circl
added 2024/02/13 7:17 p.m. · 31 views

CVE-2024-21412

creationtimestamp | type | source
---|---|---
2024-02-13 19:17:24+00:00 | seen | https://t.me/ctinow/184061
2024-02-13 20:37:03+00:00 | seen | https://t.me/ctinow/184169
2024-02-13 20:41:42+00:00 | seen | https://t.me/ctinow/184172
2024-02-13 20:41:43+00:00 | seen | https://t.me/ctinow/184173

2024-02-13...

CVSS 8.1 · AI score 7.4 · EPSS 0.95443
Exploits 2 · References 54

WPVulnDB
added 2024/02/13 12:0 a.m. · 20 views

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description: The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...

AI score 8 · EPSS 0.00442
Exploits 2 · References 1 · Affected Software 1

wpexploit
added 2024/02/13 12:0 a.m. · 130 views

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description: The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...

AI score 7.9 · EPSS 0.00442
Exploits 2 · References 1

NVD
added 2024/02/12 4:15 p.m. · 19 views

CVE-2024-0248

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and delete documents/sections. The issue was...

CVSS 4.3 · AI score 7.4 · EPSS 0.00424
Exploits 2 · References 1

OSV
added 2024/02/12 4:15 p.m. · 3 views

CVE-2024-0421

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

CVSS 5.3 · AI score 5.9 · EPSS 0.00568
Exploits 2 · References 1

OSV
added 2024/02/12 4:15 p.m. · 4 views

CVE-2024-0248

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and delete documents/sections. The issue was...

CVSS 4.3 · AI score 5.9
Exploits 0 · References 1

Prion
added 2024/02/12 4:15 p.m. · 17 views

Code injection

The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

AI score 7.3 · EPSS 0.00568
Exploits 2 · References 1

Prion
added 2024/02/12 4:15 p.m. · 24 views

Code injection

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and delete documents/sections. The issue was...

AI score 7.2 · EPSS 0.00424
Exploits 4 · References 1

CVE
added 2024/02/12 4:5 p.m. · 5597 views

CVE-2024-0248

The CVE-2024-0248 entry concerns the EazyDocs WordPress plugin prior to 2.4.0, where insufficient access controls allowed authenticated users (e.g., subscribers) to delete arbitrary posts and to add/delete documents/sections. Root cause is broken access control, with where unauthenticated access ...

CVSS 4.3 · AI score 7.3 · EPSS 0.00424
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2024/02/12 4:5 p.m. · 40 views

CVE-2024-0248 EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and delete documents/sections. The issue was...

AI score 7.6 · EPSS 0.00424
Exploits 2 · References 1

Vulnrichment
added 2024/02/12 4:5 p.m. · 14 views

CVE-2024-0421 MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

AI score 5.4 · EPSS 0.00568
Exploits 2 · References 1