Lucene search
K

17 matches found

Patchstack
Patchstack
added 2026/06/05 8:49 a.m.11 views

WordPress Hybrid Composer plugin <= 1.4.6 Unauthenticated Settings Change vulnerability

WordPress Hybrid Composer plugin = 1.4.6 Unauthenticated Settings Change vulnerability discovered by ? in WordPress Plugin Hybrid Composer versions = 1.4.6...

9.8CVSS5.4AI score0.00347EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/04 2:16 p.m.8 views

CVE-2019-25738

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS0.00347EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.10 views

CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/04 1:22 p.m.9 views

EUVD-2019-20174

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 1:22 p.m.20 views

CVE-2019-25738

The CVE affects WordPress Hybrid Composer 1.4.6, where an unauthenticated attacker can exploit the hc_ajax_save_option action via admin-ajax.php to modify WordPress options, enabling user registration and setting the default role to administrator, potentially leading to account takeover. The issu...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/04 1:22 p.m.34 views

CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS0.00347EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.8 views

CVE-2019-25738

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

WordPress plugin Hybrid Composer 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.4AI score0.00347EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46208

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc ajax save option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set t...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References6
Check Point Advisories
Check Point Advisories
added 2019/08/14 12:0 a.m.1 views

WordPress Hybrid Composer Plugin Arbitrary Option Update

An arbitrary option update vulnerability exists in WordPress Hybrid Composer plugin. A remote authenticated attacker may exploit this vulnerability to gain administrator privileges...

2.9AI score
Exploits0
exploitpack
exploitpack
added 2019/07/24 12:0 a.m.12 views

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/07/24 12:0 a.m.32 views

WordPress Hybrid Composer 1.4.6 Plugin - Improper Access Restrictions Exploit

Exploit for php platform in category web applications Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...

Exploits0
Packet Storm
Packet Storm
added 2019/07/24 12:0 a.m.177 views

WordPress Hybrid Composer 1.4.6 Unauthenticated Access

Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/24 12:0 a.m.768 views

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions

Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2019/07/13 12:0 a.m.11 views

WordPress Hybrid Composer plugin <= 1.4.6 - Unauthenticated Options Update vulnerability

Unauthenticated Options Update vulnerability found by rootetsy in WordPress Hybrid Composer plugin versions = 1.4.6. Solution Update the WordPress Hybrid Composer plugin to the latest available version at least 1.4.7...

2.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/10 12:0 a.m.9 views

Hybrid Composer <= 1.4.6 - Unauthenticated Options Update

This plugin has a function to update Wordpress options via Ajax and it's set with the following: addaction'wpajaxnoprivhcajaxsaveoption', 'hcajaxsaveoption'; Which means it does not require authentication and is exploitable by anyone on the internet. I've already spoken to the plugin author about...

2.8AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2019/07/10 12:0 a.m.12 views

Hybrid Composer <= 1.4.6 - Unauthenticated Options Update

This plugin has a function to update Wordpress options via Ajax and it's set with the following: addaction'wpajaxnoprivhcajaxsaveoption', 'hcajaxsaveoption'; Which means it does not require authentication and is exploitable by anyone on the internet. I've already spoken to the plugin author about...

2.2AI score
Exploits0References2
Rows per page
Query Builder