39 matches found
EUVD-2020-24144
Malware in sbrugna...
EUVD-2021-34195
Malicious code in bioql PyPI...
CVE-2020-36702
The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the...
CVE-2021-4368
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to ed...
Remote code execution
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to ed...
CVE-2021-4368 Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to ed...
CVE-2021-4368
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change up to version 18.2 due to missing capability checks and a security nonce on the wpfm_save_settings AJAX action. This allows subscriber-level attackers to modify plugin settings (e.g., allowed upload file...
CVE-2020-36702
The CVE-2020-36702 entry concerns the WordPress plugin “Ultimate Addons for Gutenberg.” Vulnerability: authenticated users with subscriber+ roles can change plugin settings due to missing capability checks on several AJAX actions. Affected versions: up to and including 1.14.7. Impact: unauthorize...
CVE-2020-36702 Spectra – WordPress Gutenberg Blocks <= 1.14.7 - Missing Authorization
The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the...
CVE-2022-36341 WordPress AS – Create Pinterest Pinboard Pages plugin <= 1.0 - Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability
Authenticated subscriber+ plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress...
WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Settings Change and Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Settings Change and Stored Cross-Site Scripting (XSS) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress WP Quick FrontEnd Editor plugin versions <= 5.5. Solution: 2021-01-18 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin...
WordPress YITH WooCommerce Request A Quote plugin <=1.4.8 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Request A Quote plugin versions <=1.4.8. Solution: Update the WordPress YITH WooCommerce Request A Quote plugin to the latest available version (at least 1.4.9)...
WordPress YITH WooCommerce Multi Vendor plugin <=3.4.0 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Multi Vendor plugin versions <=3.4.0. Solution: Update the WordPress YITH WooCommerce Multi Vendor plugin to the latest available version (at least 3.4.1)...
WordPress YITH WooCommerce Cart Messages plugin <=1.4.4 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Cart Messages plugin versions <=1.4.4. Solution: Update the WordPress YITH WooCommerce Cart Messages plugin to the latest available version (at least 1.4.5)...
WordPress YITH WooCommerce Waiting List plugin <=1.3.10 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Waiting List plugin versions <=1.3.10. Solution: Update the WordPress YITH WooCommerce Waiting List plugin to the latest available version (at least 1.3.11)...
WordPress YITH WooCommerce Zoom Magnifier plugin <=1.3.11 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Zoom Magnifier plugin versions <=1.3.11. Solution: Update the WordPress YITH WooCommerce Zoom Magnifier plugin to the latest available version (at least 1.3.12)...