漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX
Vulnerability Description
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them, such as other authors' unpublished post titles, pending comment content, the site's Adminify WordPress plugin before 4.2.10 inventory, and user account names.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Liton Arefin Adminify 信息泄露漏洞
Vulnerability Description
Liton Arefin Adminify是孟加拉国Liton Arefin个人开发者的一款开发模板与开发框架产品。 Liton Arefin Adminify 4.2.10之前版本存在信息泄露漏洞,该漏洞源于未对管理搜索功能返回的结果执行按用户的读取能力检查,导致低权限用户(贡献者)能够披露非公开内容,例如其他作者的未发布文章标题、待审查评论内容、网站库存以及用户账户名称。
CVSS Information
N/A
Vulnerability Type
N/A