CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47529 – WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-47529
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en ThemeIsle Cloud Templates & Patterns collection. Este problema afecta a Cloud Templates & Patterns collection: desde n/a hasta 1.2.2. The Cloud Templates & Patterns collection plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.2 via a log file with a predictable name. This makes it possible for unauthenticated attackers to extract sensitive data. • https://github.com/RandomRobbieBF/CVE-2023-47529 https://patchstack.com/database/vulnerability/templates-patterns-collection/wordpress-cloud-templates-patterns-collection-plugin-1-2-2-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36409 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft Edge (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36409 https://security.gentoo.org/glsa/202402-05 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4930 – Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
https://notcve.org/view.php?id=CVE-2023-4930
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. El complemento Front End PM para WordPress anterior a 11.4.3 no bloquea la lista de contenidos de los directorios donde almacena archivos adjuntos a mensajes privados, lo que permite a los visitantes no autenticados enumerar y descargar archivos adjuntos privados si la función de autoindexación del servidor web está habilitada. The Front End PM plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 11.4.3 (exclusive) via directory listing. This makes it possible for unauthenticated attackers to extract sensitive data including attachments to private messages. • https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4430 – Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure
https://notcve.org/view.php?id=CVE-2021-4430
The manipulation leads to information disclosure. ... Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/Ortus-Solutions/coldbox-elixir/commit/a3aa62daea2e44c76d08d1eac63768cd928cd69e https://github.com/Ortus-Solutions/coldbox-elixir/releases/tag/v3.1.7 https://vuldb.com/?ctiid.244485 https://vuldb.com/?id.244485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2023-32825
https://notcve.org/view.php?id=CVE-2023-32825
This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-125: Out-of-bounds Read •