CVE-2023-44982 – WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44982
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina). This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. The Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.5 due to guessable log file names. This makes it possible for unauthenticated attackers to extract sensitive data.
• https://patchstack.com/database/vulnerability/wp-retina-2x/wordpress-wp-retina-2x-plugin-6-4-5-sensitive-data-exposure-via-log-file-vulnerability?
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-44983 – WordPress Aruba HiSpeed Cache Plugin <= 2.0.6 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44983
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6. The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including debug and trace information.
• https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-6-sensitive-data-exposure-via-log-file-vulnerability?
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-49162 – WordPress BigCommerce Plugin <= 5.0.6 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-49162
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6. The BigCommerce For WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers to extract sensitive data.
• https://patchstack.com/database/vulnerability/bigcommerce/wordpress-bigcommerce-for-wordpress-plugin-5-0-6-sensitive-data-exposure-via-log-file-vulnerability?
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-6287 – Backup password in GET parameter
https://notcve.org/view.php?id=CVE-2023-6287
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
• https://checkmk.com/werk/9554
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-532: Insertion of Sensitive Information into Log File
• CWE-598: Use of GET Request Method With Sensitive Query Strings
CVE-2023-6226 – WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure
https://notcve.org/view.php?id=CVE-2023-6226
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user-controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.
• https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve
• CWE-639: Authorization Bypass Through User-Controlled Key