Lucene search
+L

320 matches found

redhatcve
redhatcve
added 2025/02/05 6:15 p.m.12 views

CVE-2019-25149

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...

7.6CVSS6.4AI score0.00607EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 3:9 p.m.9 views

CVE-2020-36719

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...

9.8CVSS6.6AI score0.04304EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 5:6 a.m.12 views

CVE-2024-10781

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...

8.1CVSS8AI score0.03824EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 5:5 a.m.11 views

CVE-2024-10673

The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the topstoreinstallandactivatecallback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS7.5AI score0.01146EPSS
Exploits2References1
patchstack
patchstack
added 2025/02/03 4:12 p.m.3 views

WordPress Starter Templates by FancyWP plugin <= 2.0.0 - CSRF to Arbitrary Plugin Installation vulnerability

CSRF to Arbitrary Plugin Installation vulnerability discovered by Abdi Pranata in WordPress Plugin Starter Templates by FancyWP versions = 2.0.0...

9.6CVSS7AI score0.00227EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2025/02/03 4:12 p.m.9 views

WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability

CSRF to Arbitrary Plugin Installation vulnerability discovered by Abdi Pranata in WordPress Plugin Munk Sites versions = 1.0.7...

9.6CVSS7AI score0.00531EPSS
Exploits2Affected Software1
vulnrichment
vulnrichment
added 2024/12/13 2:23 p.m.10 views

CVE-2023-28990 WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in hashthemes Viral Mag viral-mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through = 1.0.9...

4.3CVSS6.9AI score0.00458EPSS
Exploits0References1
cvelist
cvelist
added 2024/12/13 2:23 p.m.21 views

CVE-2023-28990 WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through 1.0.9...

4.3CVSS0.00458EPSS
Exploits0References1
cvelist
cvelist
added 2024/12/13 2:23 p.m.47 views

CVE-2023-27456 WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19...

4.3CVSS0.00458EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/12/13 2:23 p.m.12 views

CVE-2023-27456 WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in hashthemes Total total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through = 2.1.19...

4.3CVSS7.3AI score0.00458EPSS
Exploits0References1
patchstack
patchstack
added 2024/12/11 10:52 p.m.8 views

WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Zita Site Builder versions = 1.0.2...

9.1CVSS7AI score0.01559EPSS
Exploits1Affected Software1
vulnrichment
vulnrichment
added 2024/12/09 11:31 a.m.8 views

CVE-2023-28416 WordPress Chankhe theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation vulnerability

Missing Authorization vulnerability in sparklewpthemes Chankhe chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through = 1.0.5...

4.3CVSS7.3AI score0.0038EPSS
Exploits0References1
cvelist
cvelist
added 2024/12/09 11:31 a.m.14 views

CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5...

4.3CVSS0.00371EPSS
Exploits0References1
patchstack
patchstack
added 2024/12/06 12:53 p.m.6 views

WordPress One Paze theme <= 2.2.8 - Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability discovered by Mika Patchstack Alliance in WordPress Theme One Paze versions = 2.2.8...

7AI score0.00471EPSS
Exploits0Affected Software1
nvd
nvd
added 2024/12/06 6:15 a.m.27 views

CVE-2024-10578

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnewsimporterpluginactionfornotice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.01355EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2024/12/06 5:26 a.m.13 views

CVE-2024-10578 Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnewsimporterpluginactionfornotice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS7.3AI score0.01355EPSS
Exploits1References3
cvelist
cvelist
added 2024/12/06 5:26 a.m.31 views

CVE-2024-10578 Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnewsimporterpluginactionfornotice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.01355EPSS
Exploits1References3
thn
thn
added 2024/11/26 1:23 p.m.19 views

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-1054...

9.8CVSS10AI score0.15236EPSS
Exploits1
nvd
nvd
added 2024/11/26 6:15 a.m.31 views

CVE-2024-10542

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

9.8CVSS0.15236EPSS
Exploits1References3
cvelist
cvelist
added 2024/11/26 5:33 a.m.37 views

CVE-2024-10542 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

9.8CVSS0.15236EPSS
Exploits1References3
Rows per page
Query Builder