Lucene search
K

64 matches found

Cvelist
Cvelist
added 2023/03/27 3:37 p.m.51 views

CVE-2020-36666 Multiple e-plugins - Subscriber+ Privilege Escalation

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...

8.6AI score0.00905EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/03/06 12:0 a.m.38 views

Multiple e-plugins - Subscriber+ Privilege Escalation

The plugins, sold by the same developer e-plugins, do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...

8.8CVSS8.4AI score0.00905EPSS
Exploits2References1Affected Software11
wpexploit
wpexploit
added 2023/03/06 12:0 a.m.108 views

Multiple e-plugins - Subscriber+ Privilege Escalation

The plugins, sold by the same developer e-plugins, do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...

8.8CVSS8.6AI score0.00905EPSS
Exploits2References1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.59 views

CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]

Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin Privilege escalation Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE:...

6.5CVSS0.4AI score0.08311EPSS
Exploits3
Rows per page
Query Builder