4 matches found
CVE-2026-39705
CVE-2026-39705 concerns the WordPress plugin MIPL WC Multisite Sync by Mulika Team, vulnerable through a missing/incorrect authorization mechanism. The issue affects versions through 1.4.4 and is categorized as Broken Access Control due to improperly configured access control security levels. Pub...
CVE-2024-12152
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'miplwcsyncdownloadlog' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...
CVE-2024-12152
CVE-2024-12152 concerns the MIPL WC Multisite Sync WordPress plugin. The Wordfence entry confirms a directory traversal vulnerability that affects all versions up to 1.1.5 via the mipl_wc_sync_download_log action, enabling unauthenticated reading of arbitrary server files containing potentially s...
CVE-2024-12152 MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'miplwcsyncdownloadlog' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...