Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-11181 The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-12 CVE-2024-12059 The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode.
network
low complexity
CWE-639
4.3
2024-12-12 CVE-2024-12483 Authorization Bypass Through User-Controlled Key vulnerability in Ujcms
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3.
network
high complexity
ujcms CWE-639
5.9
2024-12-06 CVE-2024-10689 The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-06 CVE-2024-10692 The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-05 CVE-2024-10777 The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-04 CVE-2024-10787 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-04 CVE-2024-12099 The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-03 CVE-2024-12062 The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-28 CVE-2024-10670 The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3