CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37924 – WordPress WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin <= 1.0.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37924
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1. The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/wp2speed/wordpress-wp2speed-faster-optimize-pagespeed-insights-score-90-100-plugin-1-0-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-27363
https://notcve.org/view.php?id=CVE-2024-27363
A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly check a pointer address, which can lead to a Information disclosure. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27363 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1287 – Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure and SQLi
https://notcve.org/view.php?id=CVE-2024-1287
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes. The Paid Memberships Pro - Member Directory Add On plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 1.2.6 (exclusive) through the 'pmpro_member_directory' shortcode. • https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c • CWE-202: Exposure of Sensitive Information Through Data Queries CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37935 – WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37935
This makes it possible for unauthenticated attackers to view sensitive information. • https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-sensitive-data-exposure-vulnerability? • CWE-862: Missing Authorization •
CVSS: 4.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-27362
https://notcve.org/view.php?id=CVE-2024-27362
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27362 •