4960 matches found

Vulnrichment
added 2024/02/05 9:22 p.m. · 13 views

CVE-2024-0969 ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API

The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...

CVSS 5.3 · AI score 6.6 · EPSS 0.00482
Exploits 0 · References 2
Cvelist
added 2024/02/05 9:22 p.m. · 19 views

CVE-2024-0969 ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API

The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...

CVSS 5.3 · AI score 5.5 · EPSS 0.00482
Exploits 0 · References 2
NVD
added 2024/02/03 6:15 a.m. · 13 views

CVE-2024-0909

The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticat...

CVSS 7.5 · AI score 5.7 · EPSS 0.00608
Exploits 0 · References 3
Prion
added 2024/02/03 6:15 a.m. · 25 views

Information disclosure

The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticat...

CVSS 5 · AI score 6.7 · EPSS 0.00608
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/02/03 5:38 a.m. · 22 views

CVE-2024-0909 Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass

The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticat...

CVSS 5.3 · AI score 7.1 · EPSS 0.00608
Exploits 0 · References 3
Cvelist
added 2024/02/03 5:38 a.m. · 27 views

CVE-2024-0909 Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass

The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticat...

CVSS 5.3 · AI score 7.4 · EPSS 0.00608
Exploits 0 · References 3
Metasploit
added 2024/02/02 7:51 p.m. · 230 views

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable. Module Options m...

CVSS 9.8 · AI score 8.1 · EPSS 0.95086
Exploits 8
WPVulnDB
added 2024/02/02 12:00 a.m. · 17 views

Anonymous Restricted Content < 1.6.3 - Protection Mechanism Bypass

Description: The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for...

CVSS 5 · AI score 6.5 · EPSS 0.00608
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/02/02 12:00 a.m. · 23 views

ARMember < 4.0.25 - Improper Access Control to Sensitive Information Exposure via REST API

Description: The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...

CVSS 5 · AI score 6.8 · EPSS 0.00482
Exploits 0 · References 1 · Affected Software 1
Packet Storm
added 2024/02/02 12:00 a.m. · 463 views

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a vulnerability in Fortra GoAnywhere MFT th...

CVSS 9.8 · AI score 7.4 · EPSS 0.95086
Exploits 8
Positive Technologies
added 2024/02/02 12:00 a.m. · 5 views

PT-2024-15913 · WordPress · Anonymous Restricted Content

Name of the Vulnerable Software and Affected Versions: Anonymous Restricted Content plugin for WordPress versions up to, and including, 1.6.2. Description: The issue is due to insufficient restrictions through the REST API on protected posts and pages, allowing unauthenticated attackers to access...

CVSS 7.5 · AI score 7.8 · EPSS 0.00608
Exploits 0 · References 9
WPVulnDB
added 2024/01/31 12:00 a.m. · 15 views

Instant Images < 6.1.1 - Author+ Arbitrary Options Update

Description: The plugin is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint, allowing authors and higher to update arbitrary options...

CVSS 4 · AI score 6.8 · EPSS 0.00791
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/01/30 5:15 p.m. · 16 views

CVE-2024-23825

TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...

CVSS 4.9 · AI score 4 · EPSS 0.00549
Exploits 1 · References 2
Prion
added 2024/01/30 5:15 p.m. · 17 views

Design/Logic Flaw

TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...

CVSS 3.3 · AI score 6.9 · EPSS 0.00549
Exploits 1 · References 2 · Affected Software 1
WPVulnDB
added 2024/01/29 12:00 a.m. · 17 views

SchedulePress < 5.0.5 - Contributor+ Arbitrary Post Update/Deletion

Description: The plugin does not have proper capability checks on several REST API endpoints, allowing contributors and above roles to edit and delete arbitrary posts...

AI score 7.2
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/01/26 4:15 p.m. · 25 views

CVE-2024-21985

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include...

CVSS 7.6 · AI score 7.5 · EPSS 0.00332
Exploits 0 · References 1
OSV
added 2024/01/26 4:15 p.m. · 2 views

CVE-2024-21985

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include...

CVSS 7.6 · AI score 5.8 · EPSS 0.00332
Exploits 0 · References 1
Prion
added 2024/01/26 4:15 p.m. · 24 views

Code injection

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include...

CVSS 6.5 · AI score 7.3 · EPSS 0.00332
Exploits 0 · References 1 · Affected Software 1
CVE
added 2024/01/26 4:01 p.m. · 80 views

CVE-2024-21985

CVE-2024-21985 affects NetApp ONTAP REST API, enabling an authenticated user with multiple remote accounts (different roles) to perform actions beyond the intended privileges. Affected ONTAP versions include pre-9.9.1P18, pre-9.10.1P16, pre-9.11.1P13, pre-9.12.1P10, and pre-9.13.1P4, with possibl...

CVSS 7.6 · AI score 7.4 · EPSS 0.00332
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/01/26 4:01 p.m. · 6 views

CVE-2024-21985 Privilege Escalation Vulnerability in ONTAP 9

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include...

CVSS 7.6 · AI score 7.5 · EPSS 0.00332
Exploits 0 · References 1