126 matches found
Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
Description The plugin does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. Once the site gets at least 25 conversions using the plugin, a notice will show up on the...
Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
Description The plugin does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. PoC Once the site gets at least 25 conversions using the plugin, a notice will show up on the...
Design/Logic Flaw
The function updateshipmentstatusemailstatusfun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers including those at customer level to update any WordPress option in the database...
CVE-2021-4374 WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
CVE-2021-4361 JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchjobintegrationssettinsave AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on...
CVE-2021-4347
Summary: The WordPress plugin Advanced Shipment Tracking for WooCommerce (versions up to 3.2.6) is vulnerable due to the function update_shipment_status_email_status_fun , which allows authenticated attackers (including at customer level) to update any WordPress option in the database. The issue ...
CVE-2021-4347 Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change
The function updateshipmentstatusemailstatusfun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers including those at customer level to update any WordPress option in the database...
PT-2023-12456 · Woocommerce · Advanced Shipment Tracking For Woocommerce
Name of the Vulnerable Software and Affected Versions: Advanced Shipment Tracking for WooCommerce versions up to 3.2.6 Description: The issue concerns the function update shipment status email status fun in the Advanced Shipment Tracking for WooCommerce plugin, which is vulnerable to authenticate...
Total Donations Plugin for WordPress < 2.0.6 Arbitrary Options Update
The WordPress Total Donations Plugin installed on the remote host is affected by an Arbitrary Options Update. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2022-4872 WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'...
CVE-2022-4872 WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'...
CVE-2022-4426 Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF
The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack...
WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'
The plugin does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' PoC As unauthenticated, open the following URL to set the Blog Name to 'no':...
Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF
The plugin does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack. The attack could also be performed via a LFI if one is present ...
Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF
The plugin does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack. The attack could also be performed via a LFI if one is present ...
CVE-2022-41978 WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability
Auth. subscriber+ Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin = 1.7.5.8 on WordPress...
CVE-2022-41978
The CVE-2022-41978 issue affects the WordPress Zoho CRM Lead Magnet plugin, specifically versions up to 1.7.5.8 (and referenced guidance up to 1.7.6.x). The root cause is insufficient authorization and CSRF protections in certain AJAX actions, allowing authenticated users (e.g., subscriber level)...
CVE-2022-41978 WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability
Auth. subscriber+ Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin = 1.7.5.8 on WordPress...
Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. PoC v response.text...
Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. v response.text...