4960 matches found

WPVulnDB
added 2024/02/27 12:0 a.m., 12 views

Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure

Description: The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when...

CVSS 5.3 | AI score 6.7 | EPSS 0.00479
Exploits: 0 | References: 1

WPVulnDB
added 2024/02/27 12:0 a.m., 15 views

WordPress Access Control <= 4.0.13 - Improper Access Control to Sensitive Information Exposure via REST API

Description: The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature when unset a...

CVSS 5.3 | AI score 6.8 | EPSS 0.00517
Exploits: 0 | References: 1

Vulnrichment
added 2024/02/27 12:0 a.m., 22 views

CVE-2024-25723

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched...

AI score 7.4 | EPSS 0.70581
Exploits: 1 | References: 5

Cvelist
added 2024/02/27 12:0 a.m., 21 views

CVE-2024-25723

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched...

AI score 7.3 | EPSS 0.70581
Exploits: 1 | References: 5

Tenable Nessus
added 2024/02/27 12:0 a.m., 145 views

MikroTik RouterOS Improper Access Control (CVE-2023-41570)

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 5.3 | AI score 5.7 | EPSS 0.00473
Exploits: 1 | References: 2

vulnersOsv
added 2024/02/24 6:30 a.m., 4 views

bakers-registry (>=0.1.1 <=0.1.7), bitcoinlib (>=0.5.1 <=0.6.3) +12 more potentially affected by CVE-2024-21502 via fastecdsa (>=1.6.4 <=2.3.0)

fastecdsa PYPI version =1.6.4, =0.1.1, =0.5.1, =0.1.0, =0.7.3, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: OSV:GHSA-PH86-G9R3-5QW4...

CVSS 7.5 | AI score 7.1 | EPSS 0.01025
Exploits: 1

vulnersOsv
added 2024/02/24 5:15 a.m., 7 views

bakers-registry (>=0.1.1 <=0.1.7), bitcoinlib (>=0.5.1 <=0.6.3) +12 more potentially affected by CVE-2024-21502 via fastecdsa (>=1.6.4 <=2.3.0)

fastecdsa PYPI version =1.6.4, =0.1.1, =0.5.1, =0.1.0, =0.7.3, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: OSV:PYSEC-2024-39...

CVSS 7.5 | AI score 7.1 | EPSS 0.01025
Exploits: 1

WPVulnDB
added 2024/02/23 12:0 a.m., 17 views

Product Catalog Enquiry for WooCommerce by MultiVendorX < 5.0.6 - Cross-Site Request Forgery via REST API

Description: The Product Catalog Enquiry for WooCommerce by MultiVendorX plugin for WordPress is vulnerable to cross-site request forgery due to an improper capability check on the 'catalogpermission' function in versions up to, and including, 5.0.5. While the REST endpoints are only initialized f...

AI score 6.6 | EPSS 0.00319
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2024/02/22 12:0 a.m., 19 views

Dell Secure Connect Gateway Application SQL Injection Vulnerability

The Dell Secure Connect Gateway Application is a secure connectivity gateway from Dell, USA. The Dell Secure Connect Gateway Application suffers from a SQL injection vulnerability that can be exploited by an attacker to inject malicious content into the filters of the IP range Rest API, resulting...

CVSS 6.5 | AI score 7.3 | EPSS 0.00444
Exploits: 0 | References: 1

CNVD
added 2024/02/22 12:0 a.m., 24 views

Dell Secure Connect Gateway Application SQL Injection Vulnerability (CNVD-2024-11513)

The Dell Secure Connect Gateway Application is a secure connectivity gateway from Dell, USA. The Dell Secure Connect Gateway Application suffers from a SQL injection vulnerability that can be exploited by an attacker to inject malicious content into the filters of the Collection Rest API, resulti...

CVSS 6.5 | AI score 7.3 | EPSS 0.00444
Exploits: 0 | References: 1

WPVulnDB
added 2024/02/21 12:0 a.m., 9 views

Maintenance Page < 1.0.9 - Security Mechanism Bypass via REST API

Description: The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...

CVSS 5.3 | AI score 6.9 | EPSS 0.0053
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2024/02/21 12:0 a.m., 505 views

WordPress 6.4.3 Username Disclosure

Title: wordpress 6.4.3 - Username Disclosure
Author: h4shur
date: 2024-02-21
Vendor Homepage: https://www.wordpress.org
Software Link: https://www.wordpress.org/download
Version: 6.4.3 and earlier
Tested on: Windows 10 & Google Chrome
Category: Web Application Bugs
Description: the REST API allo...

AI score 7.4
Exploits: 0

0day.today
added 2024/02/21 12:0 a.m., 1596 views

WordPress 6.4.3 Username Disclosure Vulnerability

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.
Title: wordpress 6.4.3 - Username Disclosure
Author: h4shur
Vendor Homepage: https://www.wordpress.org
Software Link: https://www.wordpress.org/download
Version: 6.4.3 and earlier
Tested...

AI score 7.2
Exploits: 0

CVE
added 2024/02/20 6:56 p.m., 92 views

CVE-2024-0978

The CVE-2024-0978 entry concerns the My Private Site WordPress plugin (jonradio-private-site) with version

CVSS 5.3 | AI score 5.5 | EPSS 0.00461
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/02/20 6:56 p.m., 13 views

CVE-2024-0978 My Private Site <= 3.0.14 - Improper Access Control to Sensitive Information Exposure via REST API

The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content...

CVSS 5.3 | AI score 6.6 | EPSS 0.00461
Exploits: 0 | References: 2

Cvelist
added 2024/02/20 6:56 p.m., 19 views

CVE-2024-0978 My Private Site <= 3.0.14 - Improper Access Control to Sensitive Information Exposure via REST API

The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content...

CVSS 5.3 | AI score 5.4 | EPSS 0.00461
Exploits: 0 | References: 2

CVE
added 2024/02/20 6:56 p.m., 91 views

CVE-2024-1472

The CVE-2024-1472 entry covers WP Maintenance for WordPress. Affected versions are up to 6.1.6, where an information-exposure flaw in the REST API allows unauthenticated actors to bypass maintenance mode and retrieve post/page content. The issue is confirmed by multiple sources in the Connected d...

CVSS 5.3 | AI score 6.2 | EPSS 0.00461
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/02/20 6:56 p.m., 10 views

CVE-2024-1472 WP Maintenance <= 6.1.6 - Information Exposure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via REST API...

CVSS 5.3 | AI score 6.6 | EPSS 0.00461
Exploits: 0 | References: 2

CVE
added 2024/02/20 6:56 p.m., 82 views

CVE-2024-1475

CVE-2024-1475 affects the WordPress plugin Coming Soon Maintenance Mode up to version 1.0.5. Root cause: Sensitive Information Exposure via the REST API that allows unauthenticated attackers to retrieve post/page content, bypassing plugin protection. Impact: unauthorized data disclosure of site c...

CVSS 5.3 | AI score 6.1 | EPSS 0.00461
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/02/20 6:56 p.m., 22 views

CVE-2024-1475 Coming Soon Maintenance Mode <= 1.0.5 - Information Exposure

The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the...

CVSS 5.3 | AI score 5.4 | EPSS 0.00461
Exploits: 0 | References: 2