Lucene search
+L

32 matches found

WPVulnDB
WPVulnDB
added 2023/12/14 12:0 a.m.14 views

WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS

Description The plugin does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. v3.8.15 partially fixed the issue as the wrong capability chec...

6.1CVSS6.9AI score0.00219EPSS
Exploits1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/12/04 12:0 a.m.7 views

The vulnerability of the admin_init() function in the Swift Performance Lite plugin for WordPress content management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the admininit function in the Swift Performance Lite plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5.3CVSS6.4AI score0.00916EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2023/11/20 7:15 p.m.5 views

CVE-2023-5652

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...

9.8CVSS5.8AI score0.63711EPSS
Exploits2References1
OSV
OSV
added 2023/06/07 2:15 a.m.3 views

CVE-2021-4355

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the downloadorderdetaillist, changeorderlist, and downloadmemberlist functions called via admininit hooks in versions up to, and including, 2.2.7. This makes it possible for...

5.3CVSS5.8AI score0.00806EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.3 views

PT-2023-12464 · WordPress · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress versions up to and including 2.2.7 Description: The issue is related to missing capability checks on certain functions, specifically download orderdetail list, change orderlist, and download member list...

7.5CVSS5.1AI score0.00806EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.4 views

WordPress Plugin Welcart e-Commerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

7.5CVSS5.8AI score0.00806EPSS
Exploits1References3
0day.today
0day.today
added 2022/12/24 12:0 a.m.499 views

WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload Vulnerability

Description: Unauthenticated Arbitrary File Upload Affected Plugin: Yith WooCommerce Gift Cards Premium Plugin Slug: yith-woocommerce-gift-cards-premium Affected Versions: = 3.19.0 CVE ID: CVE-2022-45359 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...

9.8CVSS0.4AI score0.13514EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/09/21 12:0 a.m.13 views

WP Mega Menu < 1.4.0 - Unauthenticated Arbitrary Post Access

The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked to admininit. As a result, unauthenticated users can call them and access arbitrary post data, including password protected or private ones. PoC Access an...

1.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/03 12:0 a.m.15 views

Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download

The lack of authorisation checks in the handledownloads function, hooked to admininit could allow unauthenticated users to download arbitrary files from the blog using a path traversal payload. PoC /wp-admin/admin-post.php?algwcpifdownloadfile=../../../../../wp-config.php...

3.5AI score
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2019/05/17 7:28 p.m.141 views

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

For the second time this month a patch has been issued for the WordPress add-on called WP Live Chat Support Plugin. This time around it’s a cross-site scripting XSS vulnerability. The WP Live Chat Support is a popular WordPress plugin that allows users to install a pop-up “chat” plugin to their...

7.5CVSS0.3AI score0.05062EPSS
Exploits1References11
myhack58
myhack58
added 2019/05/14 12:0 a.m.107 views

Easy WP SMTP v1. 3. 9)0 day vulnerability is being attacked in the process and reproducibility-vulnerability warning-the black bar safety net

Foreword Your own blog site with wordpres hosting, last month found some abnormalities. 3.12 days, the mailbox explosion, received more than 100 letter on the site is the blasting of the notification mail. ! Day to see also not strange, because before it appeared such a situation, every day there...

6.9AI score
Exploits0
WPVulnDB
WPVulnDB
added 2015/04/17 12:0 a.m.10 views

Mashshare <= 2.3.0 - Information Disclosure

The Mashshare plugin exposes a few AJAX commands via its own custom hook, which can be found in the file ‘includes/admin/admin-actions.php’, and the function ‘mashsbprocessactions’. This function is called upon the ‘admininit’ action being fired, which can be triggered by anyone when visiting the...

0.4AI score
Exploits0References2Affected Software1
Rows per page
Query Builder