EUVD-2024-47630

Malicious code in bioql PyPI...

EUVD-2024-30504

Malicious code in bioql PyPI...

CVE-2024-32717

Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8...

CVE-2024-6557

The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and...

CVE-2024-6557

The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and...

CVE-2024-6557 SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure

The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and...

CVE-2024-6557 SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure

The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and...

CVE-2024-6557

The CVE-2024-6557 issue concerns the WordPress plugin SchedulePress (wp-scheduled-posts) with versions up to 5.1.3. The root cause is Full Path Disclosure caused by the plugin using the wpdeveloper library and leaving demo files in place while display_errors is enabled, enabling unauthenticated u...

WordPress SchedulePress plugin <= 5.1.3 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin SchedulePress versions = 5.1.3...

WordPress SchedulePress Plugin <= 5.1.3 is vulnerable to Sensitive Data Exposure

Software SchedulePress Type Plugin Vulnerable versions = 5.1.3 Fixed in 5.1.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6557 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4befd0cb74c1 Credits stealthcopter Required...

PT-2024-37714 · WordPress · Schedulepress

Name of the Vulnerable Software and Affected Versions: SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress versions up to, and including, 5.1.3 Description: The issue is due to the plugin utilizing th...

CVE-2024-32717

Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8...

WordPress plugin SchedulePress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-32717

CVE-2024-32717 affects the WordPress plugin SchedulePress (WPScheduled-Posts). Connected sources confirm a Missing Authorization / Broken Access Control flaw in SchedulePress versions up to and including 5.0.8, enabling unauthorized access due to inadequate authorization checks. Public advisories...

CVE-2024-32717 WordPress SchedulePress plugin <= 5.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8...

CVE-2024-32717 WordPress SchedulePress plugin <= 5.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8...

PT-2024-24805 · WordPress · Schedulepress

Name of the Vulnerable Software and Affected Versions: SchedulePress versions 5.0.8 and earlier Description: A Missing Authorization issue has been identified. This issue affects the SchedulePress plugin, potentially allowing unauthorized access due to the lack of proper authorization checks...

SchedulePress < 5.0.9 - Missing Authorization

Description The SchedulePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized...

WordPress SchedulePress plugin <= 5.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin SchedulePress versions = 5.0.8...

WordPress SchedulePress Plugin <= 5.0.8 is vulnerable to Broken Access Control

Software SchedulePress Type Plugin Vulnerable versions = 5.0.8 Fixed in 5.0.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7d1404ed0d5c Credits Majed Refaea Required...