CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6556 – SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6556
09 Jul 2024 — The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for ... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3115079%40smartcrawl-seo&new=3115079%40smartcrawl-seo&sfp_email=&sfph_mail= • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3287 – SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-3287
19 Apr 2024 — The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types. El complemento SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer para WordPress es vulnerable a la inyección no autorizada de descripciones ld+json debido a una falta d... • https://plugins.trac.wordpress.org/changeset/3073136/smartcrawl-seo/trunk/includes/core/schema/class-types.php?old=2943058&old_path=smartcrawl-seo%2Ftrunk%2Fincludes%2Fcore%2Fschema%2Fclass-types.php • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5949 – SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure
https://notcve.org/view.php?id=CVE-2023-5949
23 Nov 2023 — The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content. El complemento SmartCrawl de WordPress anterior a 3.8.3 no impide que usuarios no autorizados accedan al contenido de las publicaciones protegidas con contraseña. The Simple Social Media Share Buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.2 via meta tags. This makes it possible for unauthenticated attackers... • https://wpscan.com/vulnerability/3cec27ca-f470-402d-ae3e-271cb59cf407 • CWE-862: Missing Authorization •