5.3
CVE-2024-11351 - Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthen…
The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract…
4.3
CVE-2024-51460 - IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
3.1
CVE-2023-23472 - IBM InfoSphere Information Server information disclosure
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
6.1
CVE-2024-12325 - Waymark <= 1.4.1 - Reflected Cross-Site Scripting via 'content'
The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i…
5.3
CVE-2024-12294 - Last Viewed Posts by WPBeginner <= 1.0.1 - Unauthenticated Sensitive Information Exposure
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks …
7.1
CVE-2024-11840 - RapidLoad – Optimize Web Vitals Automatically <= 2.4.2 - Missing Authorization to Authenticated (Su…
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, …
5.3
CVE-2024-11008 - Members <= 3.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that …
5.3
CVE-2024-11401 - Rapid7 Insight Platform Privilege Escalation Vulnerability
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality wa…
9.3
CVE-2024-11737 -
CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device.
0.0
CVE-2024-54269 - WordPress Notibar plugin <= 2.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ninja Team Notibar notibar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Notibar: from n/a through <= 2.1.4.