CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33922 – WordPress WP Media Cleaner plugin <= 6.7.2 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-33922
Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. Vulnerabilidad de inserción de información confidencial en el archivo de registro en Jordy Meow WP Media Cleaner. Este problema afecta a WP Media Cleaner: desde n/a hasta 6.7.2. The Media Cleaner: Clean your WordPress! plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.2 through publicly exposed log files. • https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1809 – Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-1809
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cve • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-33669
https://notcve.org/view.php?id=CVE-2024-33669
It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. • https://blog.quarkslab.com/passbolt-a-bold-use-of-haveibeenpwned.html https://haveibeenpwned.com https://help.passbolt.com/incidents/pwned-password-service-information-leak https://www.passbolt.com https://www.passbolt.com/security/more • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33575 – WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-33575
This makes it possible for unauthenticated attackers, with to extract sensitive configuration data. • https://patchstack.com/database/vulnerability/user-meta/wordpress-user-meta-plugin-3-0-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33538 – WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-33538
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Fastline Media LLC Assistant – Every Day Productivity Apps. Este problema afecta al Asistente: aplicaciones de productividad para todos los días: desde n/a hasta 1.4.9.1. The Assistant – Every Day Productivity Apps plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9.1 via publicly accessible files. This makes it possible for unauthenticated attackers to view potentially sensitive information stored in those files. • https://patchstack.com/database/vulnerability/assistant/wordpress-assistant-every-day-productivity-apps-plugin-1-4-9-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •