4960 matches found
Improper access control
The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature when unset and view...
Design/Logic Flaw
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...
Information disclosure
The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...
CVE-2024-1476 Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...
CVE-2024-1476
CVE-2024-1476 affects the Under Construction / Maintenance Mode plugin for WordPress by Acurax. The vulnerability allows unauthenticated users to retrieve post/page contents via the REST API when maintenance mode is active, exposing sensitive information in all versions up to 2.6. Root cause is i...
CVE-2024-0682 Page Restrict <= 2.5.5 - Protection Mechanism Bypass
The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...
CVE-2024-0975 WordPress Access Control <= 4.0.13 - Improper Access Control to Sensitive Information Exposure via REST API
The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature when unset and view...
CVE-2024-0975
The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature when unset and view...
CVE-2024-0975
CVE-2024-0975 affects the WordPress Access Control plugin for WordPress. The vulnerability allows Sensitive Information Exposure via REST API in all versions up to and including 4.0.13, enabling unauthenticated attackers to bypass the plugin’s “Make Website Members Only” setting (when unset) and ...
CVE-2024-0680 WP Private Content Plus <= 3.6 - Protection Mechanism Bypass
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...
WordPress Plugin WordPress Access Control Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-18080 · Acurax · Under Construction / Maintenance Mode
Name of the Vulnerable Software and Affected Versions: Under Construction / Maintenance Mode from Acurax plugin for WordPress versions up to, and including, 2.6
Description: The Under Construction / Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure. This...
PT-2024-15746 · WordPress · Page Restrict
Name of the Vulnerable Software and Affected Versions: Page Restrict plugin for WordPress versions up to, and including, 2.5.5
Description: The issue is related to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private...
Page Restriction WordPress (WP) < 1.3.5 - Unauthenticated Protected Post Access
Description: The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not...
Page Restrict <= 2.5.5 - Unauthenticated Protected Post Access
Description: The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private, allowing unauthenticated attackers to view protected posts...
ZenML Server Remote Privilege Escalation Vulnerability
ZenML Server in the ZenML package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4,...
CVE-2024-25723
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched...
Design/Logic Flaw
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched...