CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43257 – WordPress Leopard plugin <= 2.0.36 - Subscriber+ Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43257
This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/leopard-wordpress-offload-media/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43251 – WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43251
This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-authenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42468 – Path traversal (CometVisu)
https://notcve.org/view.php?id=CVE-2024-42468
This issue may lead to information disclosure. • https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/servlet/CometVisuServlet.java#L75 https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2 https://github.com/openhab/openhab-webui/security/advisories/GHSA-pcwp-26pw-j98w • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42470 – CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42470
This makes it possible for unauthenticated attackers to modify or to steal sensitive data. This issue may lead to sensitive information disclosure. • https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2 https://github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7648 – Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure
https://notcve.org/view.php?id=CVE-2024-7648
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access and above, to view private notes via recent comments that should be restricted to just administrators. • https://plugins.trac.wordpress.org/browser/opal-membership/trunk/inc/class-opalmembership-ajax.php#L128 https://plugins.trac.wordpress.org/browser/opal-membership/trunk/inc/mixes-functions.php#L154 https://www.wordfence.com/threat-intel/vulnerabilities/id/d3098565-d037-4a31-af3c-00e8b93b922e?source=cve • CWE-862: Missing Authorization •