Show filters
81 Total Results
Displaying 1-10 of 81
Sort by:
Attacker Value
Unknown

CVE-2024-37241

Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.
0
0
Attacker Value
Unknown

CVE-2024-37242

Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through 2.13.2.
0
0
Attacker Value
Unknown

CVE-2024-43338

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.1.2.
0
0
Attacker Value
Unknown

CVE-2024-10486

Disclosure Date: November 18, 2024 (last updated January 06, 2025)
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.
0
0
Attacker Value
Unknown

CVE-2024-37477

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5.
0
0
Attacker Value
Unknown

CVE-2024-37475

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2.
0
0
Attacker Value
Unknown

CVE-2024-37443

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.
0
0
Attacker Value
Unknown

CVE-2024-37425

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.
0
0
Attacker Value
Unknown

CVE-2024-37423

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic Newspack Blocks allows Path Traversal.This issue affects Newspack Blocks: from n/a through 3.0.8.
0
0
Attacker Value
Unknown

CVE-2024-7786

Disclosure Date: September 04, 2024 (last updated October 08, 2024)
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >