4 matches found
CVE-2026-10737
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...
CVE-2025-67652 AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...
CVE-2025-11009
The CVE-2025-11009 issue affects Mitsubishi Electric GT Designer3 (GOT2000 GOT1000) where credentials are stored in plaintext in project files (Cleartext Storage of Sensitive Information). Root cause: credentials verifi ed/stored in plaintext (CWE-312). Impact: local, unauthenticated attacker cou...
CVE-2020-6980
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol SMTP account data is saved in RSLogix 500, a local attacker with access to a...