CVE-2024-54366 – WordPress Vimeography plugin <= 2.4.4 - Full Path Disclosure (FPD) vulnerability
https://notcve.org/view.php?id=CVE-2024-54366
Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data. This issue affects Vimeography: from n/a through 2.4.4. The Vimeography: Vimeo Video Gallery WordPress Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.
• https://patchstack.com/database/wordpress/plugin/vimeography/vulnerability/wordpress-vimeography-plugin-2-4-4-full-path-disclosure-fpd-vulnerability?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2024-35770 – WordPress Vimeography plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35770
Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1. The Vimeography: Vimeo Video Gallery WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.1. This is due to missing or incorrect nonce validation on several functions.
• https://patchstack.com/database/vulnerability/vimeography/wordpress-vimeography-plugin-2-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)