4960 matches found

NVD
added 2024/06/07 1:15 p.m. · 31 views

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

CVSS 6.5 · EPSS 0.00319
Exploits 0 · References 2
Vulnrichment
added 2024/06/07 12:33 p.m. · 12 views

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

CVSS 6.5 · AI score 6.8 · EPSS 0.00319
Exploits 0 · References 2
CVE
added 2024/06/07 12:33 p.m. · 76 views

CVE-2024-5382

CVE-2024-5382 affects Master Addons – Free Widgets for Elementor (WordPress). A missing capability check on the ma-template REST API route allows unauthenticated attackers to create or modify Master Addons templates and related settings in all versions up to 2.0.6.1. The Red Hat advisory confirms...

CVSS 6.5 · AI score 5.9 · EPSS 0.00319
Exploits 0 · References 2 · Affected Software 1
WPVulnDB
added 2024/06/07 12:0 a.m. · 13 views

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to MA Template Creation or Modification

Description: The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. Th...

CVSS 6.5 · AI score 6.7 · EPSS 0.00319
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/06/06 4:15 a.m. · 16 views

CVE-2024-0972

The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.9 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest"...

CVSS 5.3 · AI score 5.2 · EPSS 0.00443
Exploits 0 · References 4
CVE
added 2024/06/06 3:53 a.m. · 102 views

CVE-2024-0972

CVE-2024-0972 affects BuddyPress Members Only for WordPress (all versions

CVSS 5.3 · AI score 5.8 · EPSS 0.00443
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/06/06 2:15 a.m. · 20 views

CVE-2024-0910

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...

CVSS 5.3 · AI score 5.2 · EPSS 0.00452
Exploits 0 · References 3
Vulnrichment
added 2024/06/06 2:2 a.m. · 13 views

CVE-2024-0910 Restrict for Elementor <= 1.0.7 - Protection Mechanism Bypass

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...

CVSS 5.3 · AI score 5.9 · EPSS 0.00452
Exploits 0 · References 3
CVE
added 2024/06/06 2:2 a.m. · 61 views

CVE-2024-0910

CVE-2024-0910 concerns the WordPress plugin Restrict for Elementor, affecting all versions up to 1.0.6. Root cause: improper restrictions on hidden data exposed via the REST API, enabling unauthenticated attackers to extract potentially sensitive information from post content. Documented impact i...

CVSS 5.3 · AI score 5.9 · EPSS 0.00452
Exploits 0 · References 3 · Affected Software 1
RedHat Linux
added 2024/06/05 2:46 p.m. · 5 views

jenkins-2-plugins: matrix-project plugin path traversal vulnerability

A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on...

CVSS 4.3 · AI score 5.8 · EPSS 0.00691
Exploits 0 · References 6
WPVulnDB
added 2024/06/05 12:0 a.m. · 12 views

Restrict for Elementor <= 1.0.6 - Protection Mechanism Bypass

Description: The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 6.7 · EPSS 0.00452
Exploits 0 · References 1
WPVulnDB
added 2024/06/05 12:0 a.m. · 10 views

BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API

Description: The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to...

CVSS 5.3 · AI score 6.8 · EPSS 0.00443
Exploits 0 · References 1
Positive Technologies
added 2024/06/05 12:0 a.m. · 4 views

PT-2024-15951 · WordPress · Buddypress Members Only

Name of the Vulnerable Software and Affected Versions: BuddyPress Members Only plugin for WordPress versions up to, and including, 3.3.5 Description: The issue allows unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature and view...

CVSS 5.3 · AI score 7.1 · EPSS 0.00443
Exploits 0 · References 8
Vulnrichment
added 2024/06/03 5:38 p.m. · 17 views

CVE-2024-4332 Improper Authentication in Tripwire Enterprise 9.1.0 APIs

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise TE 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This...

CVSS 9.3 · AI score 7.3 · EPSS 0.00639
Exploits 0 · References 1
GithubExploit
added 2024/05/31 4:41 a.m. · 748 views

Exploit for SQL Injection in Bplugins Html5_Video_Player

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player = 2.5.2...

CVSS 6.5 · AI score 7.2 · EPSS 0.02639
Exploits 6
Github Security Blog
added 2024/05/29 6:40 p.m. · 33 views

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Impact What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records extras.viewdynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ to list the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00398
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2024/05/28 10:26 p.m. · 40 views

CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records extras.viewdynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ t...

CVSS 6.3 · AI score 6.3 · EPSS 0.00398
Exploits 0 · References 3
OSV
added 2024/05/28 10:26 p.m. · 11 views

CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records extras.viewdynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ t...

CVSS 6.3 · AI score 6.3 · EPSS 0.00398
Exploits 0 · References 5
IBM Security Bulletins
added 2024/05/24 3:15 p.m. · 44 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF

Summary: This security bulletin addresses the vulnerability in Open Source Apache CXF that affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-28752. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation. Vulnerability...

CVSS 9.3 · AI score 9 · EPSS 0.05849
Exploits 0 · Affected Software 1
Veracode
added 2024/05/24 5:53 a.m. · 10 views

Sensitive Information Disclosure

ezsystems/ezpublish-kernel is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the REST API potentially disclosing the names of all available site accesses...

AI score 6.8
Exploits 0