492 matches found
CVE-2024-13430
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it...
CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it...
WordPress PageLayer plugin <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode vulnerability
Authenticated Contributor+ Private Post Disclosure in pagelayer_builder_posts_shortcode vulnerability discovered by Nishiv in WordPress Plugin PageLayer versions <= 1.9.8...
CVE-2025-1322
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...
CVE-2024-13635
The CVE-2024-13635 entry concerns VK Blocks for WordPress. Affected: VK Blocks plugin versions up to and including 1.94.2.2. Vulnerability type: Sensitive Information Exposure via the page content block. Impact: authenticated attackers with Contributor-level access and above can read sensitive da...
CVE-2024-13546
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'getimagedescription' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...
PT-2025-9071 · WordPress · Ultra Addons Lite For Elementor
Name of the Vulnerable Software and Affected Versions: Ultra Addons Lite for Elementor plugin for WordPress versions up to, and including, 1.1.8 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password-protected, private, or draft...
CVE-2025-0661
The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with...
PT-2025-6797 · WordPress · Dethemekit For Elementor
Name of the Vulnerable Software and Affected Versions: DethemeKit For Elementor plugin for WordPress versions up to, and including, 2.36 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private, draft, or...
CVE-2024-13514
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
CVE-2024-12046
The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedicalelementortemplate' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...
CVE-2024-13514 B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
CVE-2024-13514
CVE-2024-13514 concerns the WordPress plugin B Slider- Gutenberg Slider Block for WP. The CVE describes Information Exposure via the bsb-slider shortcode, enabling authenticated users with Contributor+ privileges to read private posts. Reported affected versions include up to 1.9.5 (per the CVE r...
PT-2025-2200 · WordPress · B Slider- Gutenberg Slider Block
Name of the Vulnerable Software and Affected Versions: The B Slider- Gutenberg Slider Block for WP plugin for WordPress versions up to, and including, 1.9.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private posts they should...
WordPress B Slider- Gutenberg Slider Block for WP plugin <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode vulnerability
Authenticated Contributor+ Private Post Disclosure via bsb-slider Shortcode vulnerability discovered by Nishiv in WordPress Plugin B Slider versions <= 1.1.23...
WordPress Custom Related Posts plugin <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates vulnerability
Missing Authorization to Authenticated Subscriber+ Private Post Search and Relation Updates vulnerability discovered by Lucio Sá in WordPress Plugin Custom Related Posts versions <= 1.7.3...
CVE-2024-12102
The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...
PT-2025-1748 · WordPress · Typer Core
Name of the Vulnerable Software and Affected Versions: Typer Core plugin for WordPress versions up to, and including, 1.9.6 Description: The issue concerns insufficient restrictions on which posts can be included through the 'elementor-template' shortcode, allowing authenticated attackers with...