13 matches found
EUVD-2026-41244
The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...
CVE-2026-11600
The CVE-2026-11600 entry concerns Envo’s Templates & Widgets for Elementor and WooCommerce (WordPress). Affected: Tabs and Off Canvas widgets up to version 1.4.26. Root cause: the Tabs widget render() passes a user-controlled template/post ID to Elementor’s get_builder_content_for_display() witho...
CVE-2026-11600
The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...
CVE-2026-12408 Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...
WordPress Envo's Templates & Widgets for Elementor and WooCommerce plugin <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure vulnerability
Missing Authorization to Authenticated Author+ Private Content Disclosure vulnerability discovered by ? in WordPress Plugin Envo's Elementor Templates & Widgets for WooCommerce versions = 1.4.26...
WordPress Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure vulnerability
Authenticated Contributor+ Insufficient Authorization to Private Content Disclosure vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Slim SEO versions = 4.9.8...
CVE-2025-71242
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...
CVE-2025-71242 SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...
WordPress WPGraphQL Smart Cache plugin < 2.0.1 - Unauthenticated Private Content Disclosure vulnerability
Unauthenticated Private Content Disclosure vulnerability discovered by WPscan in WordPress Plugin WPGraphQL Smart Cache versions 2.0.1...
GitLab Enterprise Edition 安全漏洞
GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition that stems from a prompt injection leading to private content disclosure...
CVE-2024-12103
The CVE-2024-12103 entry concerns the WordPress plugin Content No Cache. It is vulnerable to Information Exposure in all versions up to and including 0.1.2 via the eos_dyn_get_content action, due to insufficient restrictions on which posts can be included. This enables unauthenticated attackers t...
WordPress Content No Cache plugin <= 0.1.2 - Unauthenticated Private Content Disclosure vulnerability
Unauthenticated Private Content Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Content No Cache versions = 0.1.2...
CVE-2021-24661 PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID...