PT-2022-16200 · WordPress · Yaysmtp

Name of the Vulnerable Software and Affected Versions: YaySMTP WordPress plugin versions prior to 2.2.1 Description: The issue allows any logged-in users, such as subscribers, to view the logs of the plugin due to a lack of capability check in an AJAX action. Recommendations: For YaySMTP WordPres...

YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

The plugin does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin PoC @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv1 headers =...

Moodle Unauthorized searching of arbitrary blogs by typing full url

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

GHSA-9X63-M3CC-QF3G Moodle Unauthorized searching of arbitrary blogs by typing full url

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

GHSA-5282-96FF-XX3H Moodle sensitive information disclosure

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...

Moodle sensitive information disclosure

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...

CVE-2022-1329

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files...

VulnCheck KEV: CVE-2022-1329

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious...

Elementor 3.6.0-3.6.2 - Subscriber+ Arbitrary File Upload

The plugin is lacking capability check in a function hooked to admininit introduced in v3.6.0, and only relying on a CSRF check. As the nonce is available to any authenticated users, they could call it and upload a malicious zip archive containing arbitrary files via a subsequent call, leading to...

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

Design/Logic Flaw

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

CVE-2022-0236

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

Design/Logic Flaw

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVE-2022-0236 WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVE-2022-0236

CVE-2022-0236 affects the WordPress plugin WP Import Export (free & premium) up to version 3.9.15. The root cause is a missing capability check in the download function wpie_process_file_download (in ~/includes/classes/class-wpie-general.php), allowing unauthenticated attackers to disclose sensit...

WP Import Export < 3.9.16 - Unauthenticated Sensitive Data Disclosure

The plugins are vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or...

VulnCheck KEV: CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion

The plugin does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts Note: v1.7.7 added capability check, CSRF che...

VulnCheck KEV: CVE-2021-39317

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or...