Lucene search
+L

320 matches found

vulnrichment
vulnrichment
added 2024/03/25 4:46 a.m.13 views

CVE-2023-33923 Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes

Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0...

4.3CVSS7AI score0.00503EPSS
Exploits0References3
attackerkb
attackerkb
added 2024/02/05 10:15 p.m.9 views

CVE-2023-6985

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...

8.8CVSS5.6AI score0.01365EPSS
Exploits1References3
openvas
openvas
added 2023/12/21 12:0 a.m.12 views

WordPress Ocean Extra Plugin < 2.2.3 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oceanwp:oceanextra"; if description...

8.8CVSS7AI score0.00286EPSS
Exploits0References1
nvd
nvd
added 2023/10/03 1:15 p.m.21 views

CVE-2023-40201

Cross-Site Request Forgery CSRF vulnerability in FuturioWP Futurio Extra plugin = 1.8.4 versions leads to activation of arbitrary plugin...

8.8CVSS7.3AI score0.00254EPSS
Exploits0References1
osv
osv
added 2023/10/03 1:15 p.m.6 views

CVE-2023-40201

Cross-Site Request Forgery CSRF vulnerability in FuturioWP Futurio Extra plugin = 1.8.4 versions leads to activation of arbitrary plugin...

8.8CVSS7.4AI score0.00254EPSS
Exploits0References1
prion
prion
added 2023/10/03 1:15 p.m.17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in FuturioWP Futurio Extra plugin = 1.8.4 versions leads to activation of arbitrary plugin...

6.8CVSS8.9AI score0.00254EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2023/08/15 9:15 a.m.25 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

7.5CVSS7.4AI score0.20888EPSS
Exploits2References3
vulnrichment
vulnrichment
added 2023/08/15 8:32 a.m.17 views

CVE-2023-2916 InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

7.5CVSS6.7AI score0.20888EPSS
Exploits2References3
githubexploit
githubexploit
added 2023/08/09 6:24 p.m.780 views

Exploit for Missing Authorization in Wpdeveloper Simple_301_Redirects

CVE-2021-24356 Simple 301 Redirects by BetterLinks - 2.0.0 – 2...

8.8CVSS8.7AI score0.02997EPSS
Exploits3
osv
osv
added 2023/06/27 2:15 p.m.6 views

CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

8.8CVSS5.9AI score0.22452EPSS
Exploits3References1
attackerkb
attackerkb
added 2023/06/09 6:16 a.m.1 views

CVE-2023-2280

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...

6.5CVSS6AI score0.00601EPSS
Exploits0References4
nvd
nvd
added 2023/06/07 2:15 a.m.23 views

CVE-2022-4950

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber...

8.8CVSS8.9AI score0.01377EPSS
Exploits0References3
nvd
nvd
added 2023/06/07 2:15 a.m.24 views

CVE-2020-36731

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...

7.2CVSS6.4AI score0.01342EPSS
Exploits1References3
osv
osv
added 2023/06/07 2:15 a.m.9 views

CVE-2020-36719

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...

9.8CVSS5.8AI score0.04304EPSS
Exploits1References3
nvd
nvd
added 2023/06/07 2:15 a.m.19 views

CVE-2020-36719

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...

9.8CVSS9.4AI score0.04304EPSS
Exploits1References3
nvd
nvd
added 2023/06/07 2:15 a.m.16 views

CVE-2019-25149

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...

7.6CVSS7.3AI score0.00607EPSS
Exploits1References2
prion
prion
added 2023/06/07 2:15 a.m.15 views

Design/Logic Flaw

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...

7.5CVSS9.2AI score0.04304EPSS
Exploits1References3Affected Software1
cve
cve
added 2023/06/07 1:51 a.m.57 views

CVE-2022-4950

CVE-2022-4950 affects WordPress plugins developed by Cool Plugins. Affected component is arbitrary plugin installation/activation that can lead to remote code execution by authenticated users with minimal permissions (e.g., subscriber). Attack vector inferred as network-based from CVSS metrics, w...

8.8CVSS8.8AI score0.01377EPSS
Exploits0References3Affected Software10
cvelist
cvelist
added 2023/06/07 1:51 a.m.26 views

CVE-2019-25149 Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...

7.6CVSS7.3AI score0.00607EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2023/06/07 1:51 a.m.15 views

CVE-2019-25149 Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...

7.6CVSS5.8AI score0.00607EPSS
Exploits1References2
Rows per page
Query Builder