CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6477 – UsersWP < 1.2.12 - Users Information Disclosure
https://notcve.org/view.php?id=CVE-2024-6477
13 Jul 2024 — The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.11due to insufficient protections on the '/u... • https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38760 – WordPress Send Users Email plugin <= 1.5.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38760
12 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1. The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive informatio... • https://patchstack.com/database/vulnerability/send-users-email/wordpress-send-users-email-plugin-1-5-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38761 – WordPress Zephyr Project Manager plugin <= 3.3.99 - Sensitive Data Exposure via Export File vulnerability
https://notcve.org/view.php?id=CVE-2024-38761
12 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99. The Zephyr Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.99 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-99-sensitive-data-exposure-via-export-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39537 – Junos OS Evolved: ACX7000 Series: Ports which have been inadvertently exposed can be reached over the network
https://notcve.org/view.php?id=CVE-2024-39537
11 Jul 2024 — An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38749 – WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38749
11 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2. The Olive One Click Demo Import plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to extract potentially sensitive informatio... • https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-1-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38756 – WordPress Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin <= 1.6.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38756
11 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3. The Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.3. This makes it possible for unauthenticated attackers to extract potentially sensitive informationsensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38742 – WordPress MBE eShip plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38742
11 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. ... The MBE eShip plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/mail-boxes-etc/wordpress-mbe-eship-plugin-2-1-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38747 – WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-38747
11 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3. The HitPay Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.1.3 through publicly exposed log files. This makes ... • https://patchstack.com/database/vulnerability/hitpay-payment-gateway/wordpress-hitpay-payment-gateway-for-woocommerce-plugin-4-1-3-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38699 – WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability
https://notcve.org/view.php?id=CVE-2024-38699
11 Jul 2024 — The Wallet System for WooCommerce – Wallet, Digital Wallet, Cashback, Recharge User Wallets, Partial Payments, Wallet restriction, Refunds plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.13 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/wallet-system-for-woocommerce/wordpress-wallet-system-for-woocommerce-plugin-2-5-13-sensitive-data-exposure-via-exported-file-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File CWE-862: Missing Authorization •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6235 – Sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-6235
10 Jul 2024 — Sensitive information disclosure in NetScaler Console Divulgación de información confidencial en NetScaler Console Sensitive information disclosure in NetScaler Console • https://support.citrix.com/article/CTX677998 • CWE-287: Improper Authentication •