CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43251 – WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43251
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro.This issue affects Bit Form Pro: from n/a through 2.6.4. The bitformpro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-authenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42468 – Path traversal (CometVisu)
https://notcve.org/view.php?id=CVE-2024-42468
This issue may lead to information disclosure. • https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/servlet/CometVisuServlet.java#L75 https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2 https://github.com/openhab/openhab-webui/security/advisories/GHSA-pcwp-26pw-j98w • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42470 – CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42470
This issue may lead to sensitive information disclosure. • https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2 https://github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7648 – Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure
https://notcve.org/view.php?id=CVE-2024-7648
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access and above, to view private notes via recent comments that should be restricted to just administrators. • https://plugins.trac.wordpress.org/browser/opal-membership/trunk/inc/class-opalmembership-ajax.php#L128 https://plugins.trac.wordpress.org/browser/opal-membership/trunk/inc/mixes-functions.php#L154 https://www.wordfence.com/threat-intel/vulnerabilities/id/d3098565-d037-4a31-af3c-00e8b93b922e?source=cve • CWE-862: Missing Authorization •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7408 – Information Disclosure Vulnerability in Airveda Air Quality Monitor
https://notcve.org/view.php?id=CVE-2024-7408
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 • CWE-319: Cleartext Transmission of Sensitive Information •