3 matches found
WordPress Felan Framework plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Activation/Deactivation via processpluginactions vulnerability discovered by István Márton in WordPress Plugin Felan Framework versions = 1.1.4...
PT-2024-8848 · Unknown · Rendertune
Name of the Vulnerable Software and Affected Versions: RenderTune version 1.1.4 Description: The issue is related to a Cross-Site Scripting XSS vulnerability. It occurs due to inadequate protection of the web page structure when handling the Upload Title parameter. This allows a remote attacker t...
PT-2019-7738 · Pagelines +1 · Pagelines +1
Name of the Vulnerable Software and Affected Versions: PageLines theme version 1.1.4 Description: The issue concerns a CSRF vulnerability in the PageLines theme for WordPress. It affects the "wp-admin/admin-post.php?page=pagelines" endpoint. Recommendations: For PageLines theme version 1.1.4,...