13 matches found
EUVD-2021-34212
Malicious code in bioql PyPI...
CVE-2019-15816
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via savesettingspage and other save functions...
CVE-2024-11292
CVE-2024-11292 affects the WordPress plugin WP Private Content Plus (
CVE-2024-11292 WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted t...
CVE-2024-11292 WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted t...
Information disclosure
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...
CVE-2024-0680
CVE-2024-0680 affects the WP Private Content Plus plugin for WordPress (versions up to and including 3.6). The root cause is improper access restriction of posts via the REST API when a page is private, allowing unauthenticated attackers to view protected posts. The vulnerability is documented ac...
CVE-2024-0680 WP Private Content Plus <= 3.6 - Protection Mechanism Bypass
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...
CVE-2021-4385 WP Private Content Plus <= 3.1 - Cross-Site Request Forgery Bypass
The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the savegroups function. This makes it possible for unauthenticated attackers to add new group members via a...
CVE-2021-4385
The CVE-2021-4385 issue affects the WordPress WP Private Content Plus plugin (versions up to 3.1). The root cause is missing or incorrect nonce validation in the save_groups() function, enabling Cross-Site Request Forgery that could allow unauthenticated attackers to add new group members by tric...
PT-2023-12497 · WordPress · Wp Private Content Plus
Name of the Vulnerable Software and Affected Versions: WP Private Content Plus plugin for WordPress versions up to and including 3.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save groups function. This allows unauthenticate...
CVE-2019-15816
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via savesettingspage and other save functions...
CVE-2019-15816
The CVE-2019-15816 entry concerns the WordPress plugin wp-private-content-plus. Connected sources confirm that versions before 2.0 allow option changes via save_settings_page and other save_ functions without proper protection, enabling unauthenticated modification of plugin options. The vulnerab...