Lucene search
K

26 matches found

NVD
NVD
added 2026/02/14 4:15 a.m.4 views

CVE-2025-13973

The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...

5.3CVSS0.00255EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/14 3:25 a.m.32 views

CVE-2025-13973 StickEasy Protected Contact Form <= 1.0.1 - Unauthenticated Information Disclosure

The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...

5.3CVSS0.00255EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.6 views

WordPress plugin PixelYourSite 信息泄露漏洞

WordPress PixelYourSite is a tracking plugin that supports WordPress business owners. WordPress PixelYourSite suffers from an information disclosure vulnerability that stems from a lack of protection for publicly exposed log files when the Meta API logging setting is enabled disabled by default. ...

5.3CVSS5.9AI score0.0038EPSS
Exploits0References5
OSV
OSV
added 2025/11/19 8:15 p.m.9 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

6.5CVSS5.8AI score0.0032EPSS
Exploits1References2
NVD
NVD
added 2025/11/19 8:15 p.m.4 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

6.5CVSS0.0032EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/19 12:0 a.m.4 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

6.5AI score0.0032EPSS
Exploits1References2
CVE
CVE
added 2025/11/19 12:0 a.m.13 views

CVE-2025-63212

The vulnerability CVE-2025-63212 affects GatesAir Flexiva-LX devices running firmware 1.0.13 and 2.0 (LX100/LX300/LX600/LX1000). The issue is that sensitive session identifiers (sid) are written to a publicly accessible log at /log/Flexiva%20LX.log, enabling an unauthenticated attacker to hijack ...

6.5CVSS6.5AI score0.0032EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/11/11 6:30 a.m.6 views

EUVD-2025-60975

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS5.3AI score0.00305EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 4:15 a.m.5 views

CVE-2025-11891

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.3 views

WordPress plugin Content Writer 日志信息泄露漏洞

WordPress Content Writer plugin is a WordPress plugin mainly used to help users efficiently manage the website content creation, providing convenient content generation and publishing functions. WordPress Content Writer plugin has an information disclosure vulnerability that originates from...

5.3CVSS6AI score0.00303EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/12 10:5 a.m.18 views

CVE-2025-8484

The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References1
NVD
NVD
added 2025/10/11 10:15 a.m.25 views

CVE-2025-8484

The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS0.00293EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3634

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00481EPSS
Exploits0References4
NVD
NVD
added 2025/09/26 5:15 a.m.16 views

CVE-2025-9985

The Featured Image from URL FIFU plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

5.3CVSS0.1107EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.7 views

CVE-2021-25009

The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses...

5.3CVSS6.2AI score0.01179EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.3 views

PT-2024-16358 · WordPress · Woo Manage Fraud Orders

Name of the Vulnerable Software and Affected Versions: Woo Manage Fraud Orders plugin for WordPress versions 6.1.7 and earlier Description: The issue allows unauthenticated attackers to view potentially sensitive information about users contained in publicly exposed log files. This is possible du...

5.3CVSS6.9AI score0.00505EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/10/22 12:0 a.m.4 views

PT-2024-39276

Name of the Vulnerable Software and Affected Versions: All-in-One WP Migration and Backup plugin for WordPress versions up to, and including, 7.86 Description: The issue allows unauthenticated attackers to view potentially sensitive information, such as full paths, contained in publicly exposed l...

5.3CVSS5.8AI score0.01175EPSS
Exploits0References10
OSV
OSV
added 2024/09/04 9:15 a.m.4 views

CVE-2024-7870

The PixelYourSite – Your smart PIXEL TAG & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for...

7.5CVSS5.8AI score0.0045EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/01 12:0 a.m.7 views

PT-2024-37799 · WordPress · Ctt Expresso Para Woocommerce

Name of the Vulnerable Software and Affected Versions: CTT Expresso para WooCommerce plugin for WordPress versions up to and including 3.2.12 Description: The issue concerns the exposure of sensitive information in the CTT Expresso para WooCommerce plugin for WordPress. This exposure occurs via t...

7.5CVSS6.2AI score0.00415EPSS
Exploits0References9
Rosalinux
Rosalinux
added 2024/05/02 7:56 a.m.35 views

Advisory ROSA-SA-2024-2410

Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...

5.5CVSS7.3AI score0.00236EPSS
Exploits0
Rows per page
Query Builder