555 matches found
CVE-2023-1333
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...
PT-2023-15918 · WordPress · Backupwordpress
Name of the Vulnerable Software and Affected Versions: BackupWordPress plugin for WordPress versions up to, and including 3.12 Description: The issue is related to information disclosure due to missing authorization on the heartbeat received function, which triggers on WordPress heartbeat. This...
PT-2023-15919 · WordPress · Total Upkeep
Name of the Vulnerable Software and Affected Versions: Total Upkeep plugin for WordPress versions up to, and including 1.14.13 Description: The issue is related to information disclosure due to missing authorization on the heartbeat received function, which triggers on WordPress heartbeat. This...
CVE-2023-1024
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps...
VulnCheck KEV: CVE-2023-0711
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0619
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...
WordPress plugin Media Library Folders 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2022-3995
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...
CVE-2022-3995
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...
CVE-2022-45363
Auth. subscriber+ Stored Cross-Site Scripting XSS in Muffingroup Betheme theme = 26.6.1 on WordPress...
PT-2022-26008 · WordPress · Phone Orders For Woocommerce
Name of the Vulnerable Software and Affected Versions: Phone Orders for WooCommerce plugin version 3.7.1 and earlier Description: The issue concerns a Sensitive Data Exposure vulnerability in the Phone Orders for WooCommerce plugin for WordPress, affecting authenticated users with subscriber or...
CVE-2022-40200
Auth. subscriber+ Arbitrary File Upload vulnerability in wpForo Forum plugin = 2.0.9 on WordPress...
PT-2022-25279 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions prior to 2.0.9 Description: The issue is related to an Arbitrary File Upload vulnerability that affects authenticated subscribers and above in the wpForo Forum plugin on WordPress. Recommendations: For wpForo Foru...
CVE-2021-25084
The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for...
CVE-2021-24969
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...