61 matches found
CVE-2025-4390 WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validaterestrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of resticted...
CVE-2025-4390
CVE-2025-4390 affects the WordPress plugin WP Private Content Plus (versions up to 3.6.2). The vulnerability is a Sensitive Information Exposure via the validate_restrictions function, allowing unauthenticated attackers to extract sensitive data, including restricted posts on archive and feed pag...
CVE-2024-1479
The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpspdisplay function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, priva...
CVE-2024-11291
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...
CVE-2024-11083
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
CVE-2024-11106
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
CVE-2023-22488
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...
CVE-2024-11299
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
CVE-2024-11299
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
PT-2025-17519 · WordPress · Memberpress
Name of the Vulnerable Software and Affected Versions: Memberpress plugin for WordPress versions up to, and including, 1.11.37 Description: The issue allows unauthenticated attackers to extract sensitive data from restricted posts, such as those limited to higher-level roles like administrators,...
CVE-2024-13407
The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above,...
CVE-2024-13832
CVE-2024-13832 – Ultra Addons Lite for Elementor (WordPress) is confirmed in connected documents as an information disclosure vulnerability. It affects Ultra Addons Lite for Elementor
CVE-2024-13854
The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
PT-2025-1619 · WordPress · Membership Plugin – Restrict Content
Name of the Vulnerable Software and Affected Versions: The Membership Plugin – Restrict Content plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as...
CVE-2024-11282
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that...
WordPress plugin Member Access 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
CVE-2024-11297
The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from pos...
CVE-2024-11291
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...
CVE-2024-11291
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...
CVE-2024-11295
CVE-2024-11295 affects the WordPress plugin Simple Page Access Restriction. All versions up to 1.0.29 are vulnerable to sensitive information exposure via the WordPress core search feature, allowing unauthenticated attackers to extract data from posts restricted to higher-level roles. Publicly av...