2 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.36. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/leopard-wordpress-offload-media/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.36. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. • https://patchstack.com/database/vulnerability/leopard-wordpress-offload-media/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-plugin-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •