Lucene search
K

5 matches found

CNVD
CNVD
added 2021/11/04 12:0 a.m.16 views

WordPress Access Control Error Vulnerability

WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Plugin Hashthemes Demo Importer 1.1.1 and earlier is vulnerable to an access control...

8.1CVSS1.6AI score0.01016EPSS
Exploits1References1
OSV
OSV
added 2021/11/01 9:15 p.m.4 views

CVE-2021-39333

The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

8.1CVSS5.9AI score0.01016EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.7 views

WordPress和WordPress plugin 安全漏洞

WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Plugin Hashthemes Demo Importer 1.1.1 and earlier is vulnerable to an access control...

8.1CVSS5.8AI score0.01016EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2021/10/27 9:39 p.m.21 views

WordPress Plugin Bug Lets Subscribers Wipe Sites

Researchers have discovered a homicidal WordPress plugin that allows subscribers to wipe sites clean of content. The high-severity security flaw is found in Hashthemes Demo Importer, a plugin that’s used in more than 8,000 active installations. According to security researchers at Wordfence, the...

6.9AI score
Exploits0References7
WPVulnDB
WPVulnDB
added 2021/10/26 12:0 a.m.25 views

HashThemes Demo Importer < 1.1.2 - Improper Access Control to Blog Reset

The plugin does not have capability checks in some of its AJAX action, relying on CSRF nonces for this, which are displayed for any authenticated users. As a result, a user with a role as low as subscriber could use the hdiinstalldemo AJAX action to reset the entire blog including the tables in t...

8.1CVSS7.6AI score0.01016EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder