cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11292,https://securityvulnerability.io/vulnerability/CVE-2024-11292,Sensitive Information Exposure Vulnerability in WP Private Content Plus,"The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.",Wordpress,WP Private Content Plus,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-12-06T08:24:50.717Z,0
CVE-2024-0680,https://securityvulnerability.io/vulnerability/CVE-2024-0680,Unauthenticated Attackers Can View Protected Posts Due to Information Disclosure Vulnerability in WP Private Content Plus Plugin,"The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.",Wordpress,WP Private Content Plus,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-28T08:33:06.596Z,0
CVE-2021-4385,https://securityvulnerability.io/vulnerability/CVE-2021-4385,Cross-Site Request Forgery Vulnerability in WP Private Content Plus Plugin,"The WP Private Content Plus plugin for WordPress is affected by a critical security flaw that permits Cross-Site Request Forgery (CSRF) in versions up to 3.1. The vulnerability stems from inadequate nonce verification within the save_groups() function. This weakness allows attackers to exploit the issue by tricking an administrator into performing unintended actions, such as clicking on a malicious link, thereby enabling unauthorized alterations to group memberships.",Wordpress,WP Private Content Plus,8.8,HIGH,0.0018700000364333391,false,,false,false,false,,,false,false,,2023-07-01T03:30:13.704Z,0
CVE-2019-15816,https://securityvulnerability.io/vulnerability/CVE-2019-15816,Unprotected Settings Changes in WP Private Content Plus Plugin for WordPress,"The WP Private Content Plus plugin for WordPress prior to version 2.0 is susceptible to a vulnerability that allows unauthorized users to change settings through the save_settings_page and other associated save functions. This lack of protection can lead to unauthorized modifications, potentially impacting the security and configuration of the site. Therefore, it is imperative for users to update to the latest version to safeguard against such exploits.",Wordpress,WP Private Content Plus,7.5,HIGH,0.0020000000949949026,false,,false,false,false,,,false,false,,2019-08-30T12:28:13.000Z,0