38 matches found

RedhatCVE
added 2025/05/23 10:33 a.m. · 2 views

CVE-2024-6544

The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path...

CVSS 5.3 · AI score 6.5 · EPSS 0.00746
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:49 a.m. · 1 views

CVE-2024-7382

The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of th...

CVSS 5.3 · AI score 6.5 · EPSS 0.00263
Exploits 0 · References 1
OSV
added 2025/04/17 3:15 a.m. · 2 views

CVE-2025-43717

In PEAR HTTPRequest2 before 2.7.0, multiple files in the tests directory, notably tests/network/getparameters.php and tests/network/postparameters.php, reflect any GET or POST parameters, leading to XSS...

CVSS 5.4 · AI score 6.8
Exploits 0 · References 4
CNNVD
added 2024/10/03 12:00 a.m. · 1 views

Bandisoft BandiView security vulnerability

Bandisoft BandiView is an image viewer and editor software from the Korean company Bandisoft. A security vulnerability exists in Bandisoft BandiView version 7.05, which stems from the vulnerability of carefully crafted POC files in sub0x3d80fc to false access control attacks...

CVSS 6.5 · AI score 6.8 · EPSS 0.00268
Exploits 1 · References 2
Cvelist
added 2024/09/13 3:10 p.m. · 23 views

CVE-2024-6544 Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure

The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path...

CVSS 5.3 · EPSS 0.00746
Exploits 0 · References 2
OSV
added 2024/08/29 11:15 a.m. · 0 views

CVE-2024-6551

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated...

CVSS 5.3 · AI score 5.8 · EPSS 0.00409
Exploits 0 · References 2
Positive Technologies
added 2024/08/29 12:00 a.m. · 1 views

PT-2024-37708 · WordPress +1 · Givewp +1

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress versions up to, and including, 3.15.1
Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes Symfony and leaves display errors...

CVSS 5.3 · AI score 6.6 · EPSS 0.00409
Exploits 0 · References 9
NVD
added 2024/08/12 1:38 p.m. · 7 views

CVE-2024-7382

The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of th...

CVSS 5.3 · EPSS 0.00263
Exploits 0 · References 2
CVE
added 2024/08/09 9:30 a.m. · 35 views

CVE-2024-7382

CVE-2024-7382 concerns the Linkify Text WordPress plugin. The vulnerability is a Full Path Disclosure in all versions up to and including 1.9.1, caused by the plugin using Bootstrap and leaving test files with display_errors enabled. This allows unauthenticated attackers to retrieve the web app’s...

CVSS 5.3 · AI score 5.1 · EPSS 0.00263
Exploits 0 · References 2
Vulnrichment
added 2024/08/09 9:30 a.m. · 8 views

CVE-2024-7382 Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure

The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of th...

CVSS 5.3 · AI score 6.8 · EPSS 0.00263
Exploits 0 · References 2
Cvelist
added 2024/08/08 3:30 a.m. · 19 views

CVE-2024-6552 Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated...

CVSS 5.3 · EPSS 0.00563
Exploits 0 · References 3
Positive Technologies
added 2024/08/08 12:00 a.m. · 2 views

PT-2024-37709 · WordPress · Amelia

Name of the Vulnerable Software and Affected Versions: The Booking for Appointments and Events Calendar – Amelia plugin for WordPress versions up to, and including, 1.2
Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes Symfony and has display erro...

CVSS 5.3 · AI score 6.6 · EPSS 0.00563
Exploits 0 · References 5
Positive Technologies
added 2024/08/02 12:00 a.m. · 1 views

PT-2024-37723 · WordPress · Ebook Store

Name of the Vulnerable Software and Affected Versions: Ebook Store plugin for WordPress versions up to, and including, 5.8001
Description: The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure due to the plugin utilizing fpdi-protection and not preventing direct access to tes...

CVSS 5.3 · AI score 6.9 · EPSS 0.00866
Exploits 0 · References 8
NVD
added 2024/07/27 2:15 a.m. · 14 views

CVE-2024-6545

The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pa...

CVSS 5.3 · EPSS 0.00746
Exploits 0 · References 2
Cvelist
added 2024/07/27 1:51 a.m. · 16 views

CVE-2024-6549 Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure

The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pat...

CVSS 5.3 · EPSS 0.00485
Exploits 0 · References 2
Vulnrichment
added 2024/07/27 1:51 a.m. · 10 views

CVE-2024-6545 Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure

The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pa...

CVSS 5.3 · AI score 6.8 · EPSS 0.00746
Exploits 0 · References 2
Cvelist
added 2024/07/27 1:51 a.m. · 16 views

CVE-2024-6548 Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Disclosure

The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path...

CVSS 5.3 · EPSS 0.00746
Exploits 0 · References 2
CVE
added 2024/07/27 1:51 a.m. · 29 views

CVE-2024-6547

CVE-2024-6547 affects the Add Admin CSS plugin for WordPress (versions up to and including 2.0.1). The issue is Full Path Disclosure caused by the plugin using bootstrap and leaving test files with display_errors on, enabling unauthenticated access to the web app’s full filesystem path. The discl...

CVSS 5.3 · AI score 5.1 · EPSS 0.00866
Exploits 0 · References 3
Cvelist
added 2024/07/27 1:51 a.m. · 12 views

CVE-2024-6547 Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Disclosure

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

CVSS 5.3 · EPSS 0.00866
Exploits 0 · References 3
Positive Technologies
added 2024/07/27 12:00 a.m. · 1 views

PT-2024-37702 · WordPress · Admin Trim Interface

Name of the Vulnerable Software and Affected Versions: Admin Trim Interface plugin for WordPress versions up to, and including, 3.5.1
Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes bootstrap and leaves test files with display errors on. This...

CVSS 5.3 · AI score 6.6 · EPSS 0.00746
Exploits 0 · References 5