PT-2023-22040 · WordPress · Wp Easycart
Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process deactivate product function. This allows...
PT-2023-17683 · WordPress · Essential Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks plugin for WordPress versions up to, and including, 4.0.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows unauthenticated...
WordPress Plugin WP Activity Log Cross-Site Request Forgery Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-18734 · WordPress · Wp Activity Log
Name of the Vulnerable Software and Affected Versions: WP Activity Log for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax run cleanup function. This allows unauthenticated...
PT-2023-22049 · Unknown · Wp Easycart
Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process bulk activate product function. This allows...
PT-2023-22038 · WordPress · Wp Easycart
Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is due to missing or incorrect nonce validation on the process bulk delete product function, making it possible for unauthenticated attackers to bulk...
PT-2023-17537 · WordPress · The Announcement & Notification Banner – Bulletin
Name of the Vulnerable Software and Affected Versions: The Announcement & Notification Banner – Bulletin plugin for WordPress versions up to, and including, 3.7.0 Description: The issue allows unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and...
PT-2023-20002 · WordPress · Easy Google Maps
Name of the Vulnerable Software and Affected Versions: Easy Google Maps plugin for WordPress versions up to and including 1.11.7 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the AJAX action handler. This allows unauthenticated...
PT-2023-17674 · WordPress · Essential Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks plugin for WordPress versions up to, and including, 4.0.6 Description: The issue arises from a missing capability check on the templates function, allowing unauthorized use of functionality. This enables subscriber-level...
CVE-2021-4381
The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...
CVE-2021-4371
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Settings Change in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...
CVE-2021-4368
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...
CVE-2021-4341
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...
CVE-2021-4345
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...
CVE-2020-36717
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...
CVE-2020-36700
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...
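Every entry in this listing is one of two missing checks (or both) on a WordPress AJAX or admin action handler: no nonce verification, which gives cross-site request forgery, and no capability check, which lets any logged-in user (subscriber level) or, when the action is also registered for logged-out visitors, anyone at all reach an administrative function. The KingComposer entry shows why the nonce is not an authorization control on its own: a nonce that is visible in page markup is still a valid nonce. The block below is an added illustration of the vulnerable pattern beside the hardened one; it is not code from any plugin listed here. The "acme" prefix, the "acme_settings" option, the "acme_save_settings" action and the "admin.js" file are hypothetical names chosen for the example.

```php
<?php
/*
 * Added example, not taken from any plugin on this page.
 * All names prefixed "acme" are hypothetical.
 */

/* ---- Vulnerable pattern (the class of bug in the entries above) ----
 * 1. Registered under wp_ajax_nopriv_*, so logged-out visitors reach it.
 * 2. No nonce check: any page a logged-in admin visits can submit this
 *    request with the admin's cookies (CSRF).
 * 3. No capability check: a subscriber with a valid session can call it.
 */
add_action( 'wp_ajax_acme_save_settings',        'acme_save_settings_vulnerable' );
add_action( 'wp_ajax_nopriv_acme_save_settings', 'acme_save_settings_vulnerable' );
function acme_save_settings_vulnerable() {
    // Unsanitised, unauthenticated, unauthorised write to a plugin option.
    update_option( 'acme_settings', $_POST['settings'] );
    wp_send_json_success();
}

/* ---- Hardened pattern ----
 * Only wp_ajax_* is registered: an admin-only action must not be reachable
 * by logged-out visitors, so there is deliberately no wp_ajax_nopriv_ hook.
 */
add_action( 'wp_ajax_acme_save_settings', 'acme_save_settings_hardened' );
function acme_save_settings_hardened() {
    // Nonce: proves the request originated from a page WordPress rendered
    // for this user (the nonce is bound to the action name and the user's
    // session and expires after 12-24 h). This is the CSRF defence.
    // check_ajax_referer() reads $_REQUEST['acme_nonce'] and dies with a
    // 403 response when it does not verify.
    check_ajax_referer( 'acme_save_settings', 'acme_nonce' );

    // Capability: proves the user is allowed to do this. A nonce alone is
    // not authorisation: a subscriber can obtain a nonce for their own
    // session, and a nonce leaked in page markup is still valid. The two
    // checks answer different questions and both are required.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // Validate shape and sanitise every value before it reaches the database.
    $settings = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? array_map( 'sanitize_text_field', wp_unslash( $_POST['settings'] ) )
        : array();
    update_option( 'acme_settings', $settings );
    wp_send_json_success( $settings );
}

/* The admin page that issues the request embeds the nonce for its own
 * script. The nonce is only ever emitted on the plugin's own settings
 * screen, for the current user, not in a page every logged-in user sees.
 */
add_action( 'admin_enqueue_scripts', function ( $hook_suffix ) {
    // 'settings_page_acme' is the hypothetical hook suffix of the plugin's
    // settings screen; emitting the nonce on every admin page is how it leaks.
    if ( 'settings_page_acme' !== $hook_suffix ) {
        return;
    }
    wp_enqueue_script( 'acme-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'acme-admin', 'acmeAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'acme_save_settings' ),
    ) );
} );
```

When reviewing a plugin for this bug class, check each wp_ajax_*, wp_ajax_nopriv_*, admin_post_* and admin_init handler for the pair check_ajax_referer()/wp_verify_nonce() plus current_user_can(); a handler that has only one of the two, or that is registered under the nopriv hook although it performs an administrative write, matches the entries listed above.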