Wear OS Security Bulletin—August 2023
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2023-08-05 or later from the August 2023 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...
7.8 CVSS
7.4 AI Score
0.001 EPSS
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities that allow users with a role as low as subscriber to delete...
6.5 CVSS
6.6 AI Score
0.001 EPSS
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities that allow users with a role as low as subscriber to delete...
6.5 CVSS
6.7 AI Score
0.001 EPSS
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities that allow users with a role as low as subscriber to delete...
6.5 CVSS
6.7 AI Score
0.001 EPSS
CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities that allow users with a role as low as subscriber to delete...
6.9 AI Score
0.001 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...
8.8 CVSS
0.1 AI Score
EPSS
WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
The plugin has CSRF and broken access control vulnerabilities that allow users with a role as low as subscriber to delete...
6.5 CVSS
7.2 AI Score
0.001 EPSS
WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
The plugin has CSRF and broken access control vulnerabilities that allow users with a role as low as subscriber to delete an attachment. PoC Exploit (#1 attachment id delete): fetch('http://localhost/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type':...
6.5 CVSS
7 AI Score
0.001 EPSS
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This...
5.3 CVSS
0.001 EPSS
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This...
6.5 CVSS
5.3 AI Score
0.001 EPSS
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This...
5.3 CVSS
5.4 AI Score
0.001 EPSS
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This...
6.5 CVSS
6.7 AI Score
0.001 EPSS
WP Shamsi < 4.1.1 - Unauthenticated Arbitrary Plugin Deactivation
The plugin does not have an authorisation check when activating plugins via an action hooked to init(), which could allow unauthenticated attackers to deactivate arbitrary plugins from the...
5.3 CVSS
5.1 AI Score
0.001 EPSS
WP ALL Export Pro < 1.7.9 - Authenticated Code Injection
The plugin does not limit some functionality during exports to users with the Administrator role only, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be...
7.2 CVSS
0.7 AI Score
0.001 EPSS
WP ALL Export Pro < 1.7.9 - Authenticated SQLi
The plugin uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform...
8.8 CVSS
AI Score
0.001 EPSS
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at...
4.3 CVSS
0.001 EPSS
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at...
4.3 CVSS
4.6 AI Score
0.001 EPSS
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at...
4.3 CVSS
4.7 AI Score
0.001 EPSS
WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability
An authenticated plugin setting change vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress WP Shamsi plugin (versions <= 4.1.1). Solution: Update the WordPress WP Shamsi plugin to the latest available version (at least...
4.3 CVSS
3.4 AI Score
0.001 EPSS
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at...
4.3 CVSS
5 AI Score
0.001 EPSS
WP Shamsi < 4.2.0 - Subscriber+ Settings Update
The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update...
4.3 CVSS
3.5 AI Score
0.001 EPSS