5 matches found
CVE-2025-0954
The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the jsonimport and jsonexport functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's setting...
CVE-2025-0954 WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import
The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the jsonimport and jsonexport functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's setting...
CVE-2025-0954 WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import
The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the jsonimport and jsonexport functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's setting...
WordPress plugin WP Online Contract 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress WP Online Contract plugin <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import vulnerability
Missing Authorization to Unauthenticated Settings Import vulnerability discovered by Lucio Sá in WordPress Plugin WP Online Contract versions = 5.1.4...