CVE-2024-33914 – WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability
https://notcve.org/view.php?id=CVE-2024-33914
This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate other users posts which can lead to information disclosure for private posts. • https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-9-1-broken-access-control-on-post-duplication-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-33669
https://notcve.org/view.php?id=CVE-2024-33669
It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. • https://blog.quarkslab.com/passbolt-a-bold-use-of-haveibeenpwned.html https://haveibeenpwned.com https://help.passbolt.com/incidents/pwned-password-service-information-leak https://www.passbolt.com https://www.passbolt.com/security/more • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-33637 – WordPress Solid Affiliate plugin <= 1.9.1 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-33637
Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1. ... The Solid Affiliate plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/solid-affiliate/wordpress-solid-affiliate-plugin-1-9-1-sensitive-data-exposure-via-log-file-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-33575 – WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-33575
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0. ... The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. • https://patchstack.com/database/vulnerability/user-meta/wordpress-user-meta-plugin-3-0-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-33538 – WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-33538
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1. ... The Assistant – Every Day Productivity Apps plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9.1 via publicly accessible files. This makes it possible for unauthenticated attackers to view potentially sensitive information stored in those files. • https://patchstack.com/database/vulnerability/assistant/wordpress-assistant-every-day-productivity-apps-plugin-1-4-9-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •