Lucene search
+L

13 matches found

EUVD
EUVD
added 2026/07/02 5:35 a.m.6 views

EUVD-2026-41244

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
CVE
CVE
added 2026/07/02 5:35 a.m.16 views

CVE-2026-11600

The CVE-2026-11600 entry concerns Envo’s Templates & Widgets for Elementor and WooCommerce (WordPress). Affected: Tabs and Off Canvas widgets up to version 1.4.26. Root cause: the Tabs widget render() passes a user-controlled template/post ID to Elementor’s get_builder_content_for_display() witho...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.6 views

CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.41 views

CVE-2026-12408 Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS0.00257EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.6 views

WordPress Envo's Templates & Widgets for Elementor and WooCommerce plugin <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure vulnerability

Missing Authorization to Authenticated Author+ Private Content Disclosure vulnerability discovered by ? in WordPress Plugin Envo's Elementor Templates & Widgets for WooCommerce versions = 1.4.26...

4.3CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/30 7:21 p.m.8 views

WordPress Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure vulnerability

Authenticated Contributor+ Insufficient Authorization to Private Content Disclosure vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Slim SEO versions = 4.9.8...

4.3CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.6 views

CVE-2025-71242

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References4
OSV
OSV
added 2026/02/19 2:58 p.m.7 views

CVE-2025-71242 SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/12/12 5:59 p.m.5 views

WordPress WPGraphQL Smart Cache plugin < 2.0.1 - Unauthenticated Private Content Disclosure vulnerability

Unauthenticated Private Content Disclosure vulnerability discovered by WPscan in WordPress Plugin WPGraphQL Smart Cache versions 2.0.1...

7AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.11 views

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition that stems from a prompt injection leading to private content disclosure...

6.4CVSS6.7AI score0.00382EPSS
Exploits1References2
CVE
CVE
added 2024/12/24 9:21 a.m.50 views

CVE-2024-12103

The CVE-2024-12103 entry concerns the WordPress plugin Content No Cache. It is vulnerable to Information Exposure in all versions up to and including 0.1.2 via the eos_dyn_get_content action, due to insufficient restrictions on which posts can be included. This enables unauthenticated attackers t...

5.3CVSS7.1AI score0.00386EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/24 12:13 a.m.7 views

WordPress Content No Cache plugin <= 0.1.2 - Unauthenticated Private Content Disclosure vulnerability

Unauthenticated Private Content Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Content No Cache versions = 0.1.2...

5.3CVSS7AI score0.00386EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/27 3:25 p.m.24 views

CVE-2021-24661 PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID...

4.8AI score0.00739EPSS
Exploits1References1
Rows per page
Query Builder