CVE-2023-6592 – FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6592
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files. El complemento FastDup de WordPress anterior a 2.2 no impide el listado de directorios en directorios confidenciales que contienen archivos de exportación. The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.9. This makes it possible for unauthenticated attackers to obtain exports that include sensitive information such as user password hashes. • https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-22154 – WordPress SalesKing Plugin <= 1.6.15 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-22154
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en SNP Digital SalesKing. Este problema afecta a SalesKing: desde n/a hasta 1.6.15. The salesking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-0490 – Huaxia ERP getAllList information disclosure
https://notcve.org/view.php?id=CVE-2024-0490
The manipulation leads to information disclosure. ... Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md https://vuldb.com/?ctiid.250595 https://vuldb.com/?id.250595 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-0472 – code-projects Dormitory Management System modifyuser.php information disclosure
https://notcve.org/view.php?id=CVE-2024-0472
The manipulation of the argument mname leads to information disclosure. ... Durch Manipulieren des Arguments mname mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf https://vuldb.com/?ctiid.250577 https://vuldb.com/?id.250577 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-31031
https://notcve.org/view.php?id=CVE-2023-31031
A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5510 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •