WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. PoC Open the below URL as an...

privilege escalation : Low access user can view Admin PRIVATE POST by using PIN functionality

Description Due to the privilege escalation issue Low access user can view Admin PRIVATE POST by abusing PIN functionality. PIN functionality is used to pin any post in TOP , by using the Low user Attacker can View the other & high privilege user PRIVATE POST , as per the flow its not PINNING any...

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

Code injection

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

CVE-2022-2535

The vulnerability CVE-2022-2535 affects WordPress plugin SearchWP Live Ajax Search (versions before 1.6.2). The root cause is that live search queries do not restrict results to published posts, allowing unauthenticated users to disclose private/draft/pending post titles and their permalinks thro...

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages including private and draft into an arbitrary CSV file, which the attacker can then download and retrieve the list of...

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages including private and draft into an arbitrary CSV file, which the attacker can then download and retrieve the list of...

WordPress Document Embedder plugin information leakage vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

Design/Logic Flaw

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

CVE-2021-24868 Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

WordPress 安全漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...

PT-2022-9522 · WordPress · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor - Pro WordPress plugin versions prior to 5.0.7 Description: The issue concerns the lack of validation for the qvquery parameter in the tp get dl post info ajax AJAX action. This could potentially allow...

Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. PoC https://example.com/wp-json/doc/v1/single/509 509 being the ID of a private/draft Post...

CVE-2021-24739

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...