CVE-2024-25923 – WordPress Community by PeepSo plugin <= 6.2.7.0 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-25923
Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0. Inserción de información confidencial en la vulnerabilidad del archivo de registro en PeepSo Community by PeepSo. Este problema afecta a Community by PeepSo: desde n/a hasta 6.2.7.0. The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.7.0. This makes it possible for unauthenticated attackers to extract sensitive data from log files. • https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-2-7-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-27630 – WordPress Community by PeepSo plugin <= 6.0.9.0 - Server Information Disclosure
https://notcve.org/view.php?id=CVE-2023-27630
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en PeepSo Community por PeepSo. Este problema afecta a Community by PeepSo: desde n/a hasta 6.0.9.0. The Community by PeepSo plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.0.9.0 due to missing authorization checks on the action_admin_export() function. This makes it possible for unauthenticated attackers to trigger a system report export and obtain sensitive information about the servers configuration. • https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-0-9-0-server-information-disclosure?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •