Page 87 of 10658 results (0.027 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access and above, to view private notes via recent comments that should be restricted to just administrators. • https://plugins.trac.wordpress.org/browser/opal-membership/trunk/inc/class-opalmembership-ajax.php#L128 https://plugins.trac.wordpress.org/browser/opal-membership/trunk/inc/mixes-functions.php#L154 https://www.wordfence.com/threat-intel/vulnerabilities/id/d3098565-d037-4a31-af3c-00e8b93b922e?source=cve • CWE-862: Missing Authorization •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5563 • CWE-35: Path Traversal: '.../ •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files.This issue affects Shared Files: from n/a through 1.7.28. The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.28 via the export functionality and lack of protected directory. This makes it possible for unauthenticated attackers to extract sensitive data information from export files generated by the plugin. • https://patchstack.com/database/vulnerability/shared-files/wordpress-shared-files-premium-download-manager-secure-file-sharing-with-frontend-file-upload-plugin-1-7-28-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in myCred.This issue affects myCred: from n/a through 2.7.2. The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.7.2 via the get_issuer_data() function. This makes it possible for unauthenticated attackers to see the open badge email. • https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-7-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •