CVE-2024-11181 – Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure
https://notcve.org/view.php?id=CVE-2024-11181
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. • https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L1236 https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L43 https://plugins.trac.wordpress.org/changeset/3203829/greenshift-animation-and-page-builder-blocks/trunk/settings.php https://www.wordfence.com/threat-intel/vulnerabilities/id/06047667-2a24-4e1c-9389-11daceff4d23?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2024-54279 – WordPress WP-NERD Toolkit plugin <= 1.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-54279
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit. This issue affects WP-NERD Toolkit: from n/a through 1.1. The WP-NERD Toolkit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1. • https://patchstack.com/database/wordpress/plugin/wp-nerd-toolkit/vulnerability/wordpress-wp-nerd-toolkit-plugin-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2024-54309 – WordPress PostBox plugin <= 1.0.4 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-54309
Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox allows Retrieve Embedded Sensitive Data. This issue affects PostBox: from n/a through 1.0.4. • https://patchstack.com/database/wordpress/plugin/postbox-email-logs/vulnerability/wordpress-postbox-plugin-1-0-4-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-862: Missing Authorization •
CVE-2024-54366 – WordPress Vimeography plugin <= 2.4.4 - Full Path Disclosure (FPD) vulnerability
https://notcve.org/view.php?id=CVE-2024-54366
Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data. This issue affects Vimeography: from n/a through 2.4.4. The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.4. • https://patchstack.com/database/wordpress/plugin/vimeography/vulnerability/wordpress-vimeography-plugin-2-4-4-full-path-disclosure-fpd-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-53246 – Sensitive Information Disclosure through SPL commands
https://notcve.org/view.php?id=CVE-2024-53246
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. • https://advisory.splunk.com/advisories/SVD-2024-1204 • CWE-319: Cleartext Transmission of Sensitive Information •