Lucene search
+L

7 matches found

cvelist
cvelist
added yesterday17 views

CVE-2026-15350 The Cache Purger <= 2.3.20 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Log Deletion via 'the_log_purge' Parameter

The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS0.00222EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2024/01/16 3:55 p.m.5 views

CVE-2023-3178 POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack...

4.6AI score0.00266EPSS
Exploits2References1
cvelist
cvelist
added 2024/01/16 3:55 p.m.34 views

CVE-2023-3178 POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack...

4.9AI score0.00266EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/28 12:0 a.m.174 views

WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints

Description The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. The following actions may be taken by a Contributor user: --- /wmllogs - Information leak Execute the followi...

7.6CVSS7.5AI score0.00499EPSS
Exploits2
wpvulndb
wpvulndb
added 2023/06/26 12:0 a.m.16 views

POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack. Note: The AJAX actions are also affected by SQL injections, making the issue PoC Make a logged in...

7AI score0.00266EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2023/04/03 12:0 a.m.36 views

WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF

The plugin has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including outside of the blog folders PoC Ma...

6.5CVSS6.7AI score0.00307EPSS
Exploits2Affected Software1
nvd
nvd
added 2021/08/12 10:15 p.m.22 views

CVE-2020-20989

A cross-site request forgery CSRF in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs...

4.3CVSS0.00483EPSS
Exploits1References1
Rows per page
Query Builder