CVE-2024-39537 – Junos OS Evolved: ACX7000 Series: Ports which have been inadvertently exposed can be reached over the network
https://notcve.org/view.php?id=CVE-2024-39537
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO. • https://supportportal.juniper.net/JSA82997 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVE-2024-38749 – WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38749
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2. The Olive One Click Demo Import plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-1-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-38756 – WordPress Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin <= 1.6.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38756
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3. The Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.3. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/responsive-coming-soon-page/wordpress-coming-soon-page-responsive-coming-soon-maintenance-mode-plugin-1-6-3-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-38699 – WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability
https://notcve.org/view.php?id=CVE-2024-38699
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. The Wallet System for WooCommerce – Wallet, Digital Wallet, Cashback, Recharge User Wallets, Partial Payments, Wallet restriction, Refunds plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.13 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/wallet-system-for-woocommerce/wordpress-wallet-system-for-woocommerce-plugin-2-5-13-sensitive-data-exposure-via-exported-file-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File CWE-862: Missing Authorization •
CVE-2024-38742 – WordPress MBE eShip plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38742
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2. The MBE eShip plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/mail-boxes-etc/wordpress-mbe-eship-plugin-2-1-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •