CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37468 – WordPress Newsmatic theme <= 1.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37468
01 Jul 2024 — Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1. The Newsmatic theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/newsmatic/wordpress-newsmatic-theme-1-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1587 – Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content
https://notcve.org/view.php?id=CVE-2024-1587
25 Mar 2024 — The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content. El tema Newsmatic para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.3.0 incluida a través de 'newsmatic_filter_posts_load_tab_content'. Esto hace posible que atacantes no autenticados vea... • https://themes.trac.wordpress.org/browser/newsmatic/1.3.0/inc/template-functions.php#L634 • CWE-862: Missing Authorization •