CVE-2020-36717 Kali Forms <= 2.1.1 - Cross-Site Request Forgery
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...
CVE-2021-4359 Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...
CVE-2021-4357 uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::saveroleapi function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...
CVE-2021-4357
Summary : The WordPress uListing plugin is vulnerable to an authorization bypass in the function UlistingUserRole::save_role_api up to and including version 1.6.6 . The root cause is missing capability checks and a missing security nonce, which could allow unauthenticated attackers to arbitrarily...
CVE-2020-36707
The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and...
CVE-2021-4345 uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...
CVE-2020-36700 Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...
CVE-2020-36700
The CVE-2020-36700 entry concerns the WordPress Page Builder: KingComposer plugin. Affected component: KingComposer Page Builder for WordPress (versions up to and including 2.9.3). Root cause: an authorization bypass due to a security nonce being leaked on /wp-admin/index.php. Impact: authenticat...
CVE-2021-4341
Product: WordPress uListing plugin. Vulnerability: Authorization bypass via Ajax in the stm_update_email_data action due to missing capability checks, missing input validation, and a missing security nonce. Affects versions up to and including 1.6.6. Impact: Unauthenticated attackers can change a...
CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...
PT-2023-11369 · Unknown +1 · Materialis +1
Name of the Vulnerable Software and Affected Versions: Mesmerize versions up to, and including, 1.6.89 Materialis versions up to, and including, 1.0.172 Description: The issue allows authenticated attackers to change restricted options due to the companion disable popup function only checking the...
PT-2023-11849 · WordPress · Coming Soon & Maintenance Mode Page Plugin
Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57 Description: The issue arises from confusing logic functions missing or having incorrect nonce validation, making it possible for unauthenticated...
PT-2023-12444 · WordPress · Ulisting
Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue allows for authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm update emai...
PT-2023-12480 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue arises from lacking authorization protections, checks against users editing other's posts, and a missing security nonce on the "wpfm edit fi...
PT-2023-12482 · WordPress · Wp Quick Frontend Editor
Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5 Description: The issue is due to the lack of a security nonce and a capabilities check, allowing low-authenticated attackers to change plugin settings without prop...
PT-2023-11859 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is due to incorrect nonce handling throughout the plugin's function, making it possible for unauthenticated attackers to access the plugin's...