CVE-2024-6574 – Laposta <= 1.12 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6574
The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/laposta/trunk/includes/laposta-php-1.2/examples/member/all.php https://www.wordfence.com/threat-intel/vulnerabilities/id/7632fe73-4011-4e6e-8ce7-38a9359ac259?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-38761 – WordPress Zephyr Project Manager plugin <= 3.3.99 - Sensitive Data Exposure via Export File vulnerability
https://notcve.org/view.php?id=CVE-2024-38761
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.99. The Zephyr Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.99 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-99-sensitive-data-exposure-via-export-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-38760 – WordPress Send Users Email plugin <= 1.5.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38760
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Send Users Email: from n/a through 1.5.1. The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/send-users-email/wordpress-send-users-email-plugin-1-5-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-6555 – WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6555
The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3115849%40wp-popups-lite&new=3115849%40wp-popups-lite&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/578892f2-9841-4493-8445-61b79feb4764?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-39537 – Junos OS Evolved: ACX7000 Series: Ports which have been inadvertently exposed can be reached over the network
https://notcve.org/view.php?id=CVE-2024-39537
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO. • https://supportportal.juniper.net/JSA82997 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •