
8 matches found

EUVD
added 2026/05/22 7:50 a.m. | 10 views

EUVD-2026-31421

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

CVSS 7.5 | AI score 5.8 | EPSS 0.01508
Exploits 0 | References 5
CVE
added 2026/01/16 8:23 a.m. | 20 views

CVE-2026-1004

CVE-2026-1004 affects the Essential Addons for Elementor plugin for WordPress (versions up to and including 6.5.5). The flaw, via the eael_product_quickview_popup function, allows unauthenticated attackers to exfiltrate WooCommerce product information for items with draft, pending, or private sta...

CVSS 5.3 | AI score 5.4 | EPSS 0.00344
Exploits 0 | References 7
OSV
added 2025/12/11 11:41 a.m. | 4 views

BIT-MASTODON-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0 through 4.3.14, 4.4.0 through 4.4.9, 4.5.0 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request with a non-English...

CVSS 3.7 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 3
CVE
added 2025/12/09 11:44 p.m. | 16 views

CVE-2025-67500

CVE-2025-67500 affects Mastodon prior to fixed versions: 4.2.28, 4.3.15, 4.4.10 and 4.5.3. The issue stems from error-handling discrepancies that let an attacker determine whether a private status exists by sending a request with a non-English Accept-Language header; it does not reveal the status...

CVSS 3.7 | AI score 6.5 | EPSS 0.00188
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2025/12/09 11:44 p.m. | 2 views

CVE-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...

CVSS 3.7 | AI score 6.5 | EPSS 0.00188
Exploits 0 | References 2
OSV
added 2025/12/09 11:44 p.m. | 4 views

CVE-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...

CVSS 3.7 | AI score 6.9 | EPSS 0.00188
Exploits 0 | References 4
Hacker One
added 2024/09/16 10:7 a.m. | 5 views

HackerOne: Issue with VDP Program's Transition to Private Status and Missing Warning Labels on ORG Invitation

Vulnerability description not provided...

AI score 7.1
Exploits 0
NVD
added 2024/03/13 4:15 p.m. | 13 views

CVE-2024-1452

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status ...

CVSS 4.3 | AI score 4.3 | EPSS 0.00575
Exploits 0 | References 4