CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0593 – Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0593
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information. El complemento Simple Job Board para WordPress es vulnerable al acceso no autorizado a los datos | debido a una verificación de autorización insuficiente en la función fetch_quick_job() en todas las versiones hasta la 2.10.8 incluida. Esto hace posible que atacantes no autenticados obtengan publicaciones arbitrarias, que pueden estar protegidas con contraseña o ser privadas y contener información confidencial. • https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25933 – WordPress PeproDev Ultimate Invoice plugin <= 1.9.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-25933
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Pepro Dev. Group PeproDev Ultimate Invoice. Este problema afecta a PeproDev Ultimate Invoice: desde n/a hasta 1.9.7. • https://patchstack.com/database/vulnerability/pepro-ultimate-invoice/wordpress-peprodev-ultimate-invoice-plugin-1-9-7-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7236 – Backup Bolt <= 1.3.0 - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-7236
The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. El complemento Backup Bolt de WordPress hasta la versión 1.3.0 es vulnerable a la exposición de la información a través del acceso desprotegido a los registros de depuración. Esto hace posible que atacantes no autenticados recuperen el registro de depuración que puede contener información como errores del sistema que podrían contener información confidencial. The Backup Bolt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via error log file. • https://wpscan.com/vulnerability/2a4557e2-b764-4678-a6d6-af39dd1ba76b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6821 – Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6821
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization El complemento Error Log Viewer de BestWebSoft WordPress anterior a 1.1.3 contiene una vulnerabilidad que le permite leer y descargar registros PHP sin autorización The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.2 via the plugin's log files. This makes it possible for unauthenticated attackers to extract sensitive data including file paths and other information stored within those logs. • https://wpscan.com/vulnerability/6b1a998d-c97c-4305-b12a-69e29408ebd9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50951 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-50951
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. IBM QRadar Suite 1.10.12.0 a 1.10.17.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 en algunas circunstancias registrarán información confidencial sobre intentos de autorización no válidos. ID de IBM X-Force: 275747. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275747 https://www.ibm.com/support/pages/node/7118604 • CWE-532: Insertion of Sensitive Information into Log File •