CVE-2023-0619
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...
WordPress plugin Media Library Folders security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2022-3995
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...
CVE-2022-45363
Auth. subscriber+ Stored Cross-Site Scripting XSS in Muffingroup Betheme theme <= 26.6.1 on WordPress...
PT-2022-26008 · WordPress · Phone Orders For Woocommerce
Name of the Vulnerable Software and Affected Versions: Phone Orders for WooCommerce plugin version 3.7.1 and earlier Description: The issue concerns a Sensitive Data Exposure vulnerability in the Phone Orders for WooCommerce plugin for WordPress, affecting authenticated users with subscriber or...
CVE-2022-40200
Auth. subscriber+ Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress...
PT-2022-25279 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions prior to 2.0.9 Description: The issue is related to an Arbitrary File Upload vulnerability that affects authenticated subscribers and above in the wpForo Forum plugin on WordPress. Recommendations: For wpForo Foru...
CVE-2021-25084
The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for...
CVE-2021-24969
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...