CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30233 – WordPress WholesaleX plugin <= 1.3.1 - Sensitive Data Exposure on User Export vulnerability
https://notcve.org/view.php?id=CVE-2024-30233
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Wholesale Team WholesaleX. Este problema afecta a WholesaleX: desde n/a hasta 1.3.1. The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the 'export_users'. This makes it possible for authenticated attackers, with access to the admin dashboard (Subscribers, though with WooCommerce installed this would be limited to contributors by default) to extract sensitive data including lists of users. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-sensitive-data-exposure-on-user-export-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2261 – Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-2261
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses. El complemento Event Tickets and Registration para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 5.8.2 incluida a través de la funcionalidad RSVP. Esto hace posible que los atacantes autenticados, con acceso de colaborador y superior, extraigan datos confidenciales, incluidos correos electrónicos y direcciones postales. • https://plugins.trac.wordpress.org/changeset?old_path=/event-tickets/tags/5.8.2&old=3059268&new_path=/event-tickets/tags/5.8.3&new=3059268&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/2e42dd1c-adf7-471a-a14a-9038c56413a2?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2024-29059 – .NET Framework Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29059
.NET Framework Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de .NET Framework • https://github.com/codewhitesec/HttpRemotingObjRefLeak https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32751 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32751
IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. IBM Security Verify Directory 10.0.0 podría revelar información confidencial del servidor que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 228437. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 https://www.ibm.com/support/pages/node/7145001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32756 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32756
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507. IBM Security Verify Directory 10.0.0 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 https://www.ibm.com/support/pages/node/7145001 • CWE-209: Generation of Error Message Containing Sensitive Information •