Lucene search
+L

16 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 4:23 a.m.9 views

CVE-2021-4448

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS6.9AI score0.01342EPSS
Exploits0References4
NVD
NVD
added 2024/10/16 7:15 a.m.29 views

CVE-2021-4448

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS0.01342EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 7:15 a.m.7 views

CVE-2021-4448

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS5.9AI score0.01342EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/16 6:43 a.m.26 views

CVE-2021-4448 Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

7.3CVSS0.01342EPSS
Exploits0References2
CVE
CVE
added 2024/10/16 6:43 a.m.61 views

CVE-2021-4448

Summary (CVE-2021-4448) Kaswara Modern VC Addons for WordPress is affected up to version 3.0.1 by an authorization bypass due to insufficient capability checks on multiple AJAX actions. This allows unauthenticated attackers to perform unauthorized actions such as importing data and uploading or d...

9.8CVSS7.3AI score0.01342EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/16 6:43 a.m.13 views

CVE-2021-4448 Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

7.3CVSS7.2AI score0.01342EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.4 views

WordPress plugin Kaswara Modern VC Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

9.8CVSS6.7AI score0.01342EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/07/13 12:0 a.m.9 views

The vulnerability of the Kaswara Modern VC Addon for WordPress content management system allows for unlimited loading of dangerous files, enabling attackers to download and execute arbitrary files.

The vulnerability of the Kaswara Modern VC Addon for WordPress content management system is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary files remotely...

9.8CVSS8.2AI score0.4214EPSS
Exploits3References5Affected Software1
CNVD
CNVD
added 2021/05/20 12:0 a.m.9 views

WordPress plugin code issue vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A code issue vulnerability exists in Kaswara Modern VC...

9.8CVSS6.9AI score0.4214EPSS
Exploits3References1
NVD
NVD
added 2021/05/14 12:15 p.m.45 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS0.4214EPSS
Exploits3References3
Prion
Prion
added 2021/05/14 12:15 p.m.19 views

Directory traversal

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

7.5CVSS9.6AI score0.4214EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2021/05/14 11:38 a.m.48 views

CVE-2021-24284 Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.9AI score0.4214EPSS
Exploits3References3
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.16 views

WordPress plugin 代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A code issue vulnerability exists in Kaswara Modern VC...

9.8CVSS5.9AI score0.4214EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2021/05/14 12:0 a.m.9 views

PT-2021-3535 · WordPress · Kaswara Modern Vc Addons

Name of the Vulnerable Software and Affected Versions: Kaswara Modern VC Addons versions through 3.0.1 Description: The issue is related to unlimited file upload of dangerous types. Exploitation can allow a remote attacker to upload and execute arbitrary files. The vulnerability allows...

9.8CVSS9.4AI score0.4214EPSS
Exploits3References9
ATTACKERKB
ATTACKERKB
added 2021/05/14 12:0 a.m.63 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. Recent...

9.8CVSS9.6AI score0.4214EPSS
In wildExploits3References4
wpexploit
wpexploit
added 2021/04/20 12:0 a.m.286 views

Kaswara Modern VC Addons (0-day) - Unauthenticated Arbitrary File Upload

The plugin allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. The vendor has been unresponsive to both the reporter and Envato,...

7.5CVSS1.6AI score0.4214EPSS
Exploits3References1
Rows per page
Query Builder