CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39556 – WordPress Mediavine Control Panel plugin <= 2.10.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-39556
16 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. This issue affects Mediavine Control Panel: from n/a through 2.10.6. The Mediavine Control Panel plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.10.6. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/mediavine-control-panel/vulnerability/wordpress-mediavine-control-panel-plugin-2-10-6-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43218 – WordPress Mediavine Control Panel plugin <= 2.10.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43218
09 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Mediavine Control Panel allows Stored XSS.This issue affects Mediavine Control Panel: from n/a through 2.10.4. The Mediavine Control Panel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.10.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and a... • https://patchstack.com/database/vulnerability/mediavine-control-panel/wordpress-mediavine-control-panel-plugin-2-10-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •