Lucene search
K

555 matches found

OSV
OSV
added 2023/03/10 8:15 p.m.4 views

CVE-2023-1333

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...

4.3CVSS7.3AI score0.00548EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.6 views

PT-2023-15918 · WordPress · Backupwordpress

Name of the Vulnerable Software and Affected Versions: BackupWordPress plugin for WordPress versions up to, and including 3.12 Description: The issue is related to information disclosure due to missing authorization on the heartbeat received function, which triggers on WordPress heartbeat. This...

4.3CVSS4.2AI score0.00458EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.5 views

PT-2023-15919 · WordPress · Total Upkeep

Name of the Vulnerable Software and Affected Versions: Total Upkeep plugin for WordPress versions up to, and including 1.14.13 Description: The issue is related to information disclosure due to missing authorization on the heartbeat received function, which triggers on WordPress heartbeat. This...

4.3CVSS4.2AI score0.00572EPSS
Exploits0References6
OSV
OSV
added 2023/02/28 1:15 p.m.5 views

CVE-2023-1024

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps...

4.3CVSS5.8AI score0.00538EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2023/02/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-0711

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

5.4CVSS6.5AI score0.00576EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/02/01 8:15 p.m.3 views

CVE-2023-0619

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

6.5CVSS6.8AI score0.00677EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.4 views

WordPress plugin Media Library Folders 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3CVSS5.2AI score0.00568EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/11/29 9:15 p.m.3 views

CVE-2022-3995

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00556EPSS
Exploits0References3
OSV
OSV
added 2022/11/29 9:15 p.m.6 views

CVE-2022-3995

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00556EPSS
Exploits0References2
OSV
OSV
added 2022/11/22 8:15 a.m.6 views

CVE-2022-45363

Auth. subscriber+ Stored Cross-Site Scripting XSS in Muffingroup Betheme theme = 26.6.1 on WordPress...

5.4CVSS5.8AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/18 12:0 a.m.7 views

PT-2022-26008 · WordPress · Phone Orders For Woocommerce

Name of the Vulnerable Software and Affected Versions: Phone Orders for WooCommerce plugin version 3.7.1 and earlier Description: The issue concerns a Sensitive Data Exposure vulnerability in the Phone Orders for WooCommerce plugin for WordPress, affecting authenticated users with subscriber or...

6.5CVSS6.3AI score0.00591EPSS
Exploits0References4
OSV
OSV
added 2022/11/17 11:15 p.m.8 views

CVE-2022-40200

Auth. subscriber+ Arbitrary File Upload vulnerability in wpForo Forum plugin = 2.0.9 on WordPress...

8.8CVSS5.8AI score0.00868EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.11 views

PT-2022-25279 · WordPress · Wpforo Forum

Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions prior to 2.0.9 Description: The issue is related to an Arbitrary File Upload vulnerability that affects authenticated subscribers and above in the wpForo Forum plugin on WordPress. Recommendations: For wpForo Foru...

9.9CVSS8.4AI score0.00868EPSS
Exploits0References4
OSV
OSV
added 2022/02/07 4:15 p.m.3 views

CVE-2021-25084

The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for...

4.3CVSS5.8AI score0.0065EPSS
Exploits2References1
OSV
OSV
added 2021/12/27 11:15 a.m.4 views

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...

5.4CVSS6.1AI score0.006EPSS
Exploits2References1
Rows per page
Query Builder