Lucene search
K

61 matches found

Vulnrichment
Vulnrichment
added 2025/08/12 2:24 a.m.5 views

CVE-2025-4390 WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validaterestrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of resticted...

5.3CVSS6.9AI score0.00307EPSS
Exploits0References3
CVE
CVE
added 2025/08/12 2:24 a.m.47 views

CVE-2025-4390

CVE-2025-4390 affects the WordPress plugin WP Private Content Plus (versions up to 3.6.2). The vulnerability is a Sensitive Information Exposure via the validate_restrictions function, allowing unauthenticated attackers to extract sensitive data, including restricted posts on archive and feed pag...

5.3CVSS6.8AI score0.00307EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-1479

The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpspdisplay function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, priva...

5.3CVSS5.2AI score0.00653EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:51 a.m.7 views

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

5.3CVSS6.9AI score0.00457EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:56 a.m.10 views

CVE-2024-11083

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS6.8AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:51 a.m.9 views

CVE-2024-11106

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS6.8AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:53 a.m.5 views

CVE-2023-22488

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...

6.8CVSS6.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 9:13 p.m.12 views

CVE-2024-11299

The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

7.5CVSS6.9AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2025/04/22 12:15 p.m.7 views

CVE-2024-11299

The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

7.5CVSS7.3AI score0.00295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.13 views

PT-2025-17519 · WordPress · Memberpress

Name of the Vulnerable Software and Affected Versions: Memberpress plugin for WordPress versions up to, and including, 1.11.37 Description: The issue allows unauthenticated attackers to extract sensitive data from restricted posts, such as those limited to higher-level roles like administrators,...

7.5CVSS8AI score0.00295EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/03/16 8:18 a.m.9 views

CVE-2024-13407

The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above,...

6.5CVSS6.9AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2025/02/28 8:23 a.m.59 views

CVE-2024-13832

CVE-2024-13832 – Ultra Addons Lite for Elementor (WordPress) is confirmed in connected documents as an information disclosure vulnerability. It affects Ultra Addons Lite for Elementor

4.3CVSS4.5AI score0.00302EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/02/19 8:15 a.m.25 views

CVE-2024-13854

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/26 12:0 a.m.7 views

PT-2025-1619 · WordPress · Membership Plugin – Restrict Content

Name of the Vulnerable Software and Affected Versions: The Membership Plugin – Restrict Content plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as...

7.5CVSS6.9AI score0.00439EPSS
Exploits0References11
OSV
OSV
added 2025/01/07 7:15 a.m.3 views

CVE-2024-11282

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that...

7.5CVSS7.3AI score0.00397EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.9 views

WordPress plugin Member Access 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

5.3CVSS8AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2024/12/20 7:15 a.m.4 views

CVE-2024-11297

The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from pos...

7.5CVSS7.3AI score0.0059EPSS
Exploits1References2
NVD
NVD
added 2024/12/18 12:15 p.m.27 views

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

5.3CVSS0.00457EPSS
Exploits0References2
OSV
OSV
added 2024/12/18 12:15 p.m.5 views

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

5.3CVSS7.3AI score
Exploits0References2
CVE
CVE
added 2024/12/18 7:2 a.m.46 views

CVE-2024-11295

CVE-2024-11295 affects the WordPress plugin Simple Page Access Restriction. All versions up to 1.0.29 are vulnerable to sensitive information exposure via the WordPress core search feature, allowing unauthenticated attackers to extract data from posts restricted to higher-level roles. Publicly av...

5.3CVSS5.3AI score0.00452EPSS
Exploits0References2
Rows per page
Query Builder