Lucene search
K

221 matches found

Vulnrichment
Vulnrichment
added 2021/12/15 6:6 p.m.7 views

CVE-2021-36888 WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin...

9.8CVSS9.6AI score0.0674EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/12/15 6:6 p.m.22 views

CVE-2021-36888 WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin...

9.8CVSS9.6AI score0.0674EPSS
Exploits1References2
CVE
CVE
added 2021/12/15 6:6 p.m.57 views

CVE-2021-36888

The CVE-2021-36888 entry affects the WordPress plugin Image Hover Effects Ultimate (versions

9.8CVSS9.4AI score0.0674EPSS
In wildExploits1References2Affected Software1
Patchstack
Patchstack
added 2021/12/15 12:0 a.m.16 views

WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise

Unauthenticated Arbitrary Options Update leading to full website compromise discovered by mirphak aka John Castro Pagely in WordPress Image Hover Effects Ultimate plugin versions = 9.6.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9....

9.8CVSS2.3AI score0.0674EPSS
Exploits1References2Affected Software1
ThreatPost
ThreatPost
added 2021/12/10 4:19 p.m.30 views

Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites

An active attack against more than 1.6 million WordPress sites is underway, with researchers spotting tens of millions of attempts to exploit four different plugins and several Epsilon Framework themes. The goal, they said, is complete site takeover using administrative privileges. The scope of t...

8.5AI score
Exploits0References26
The Hacker News
The Hacker News
added 2021/12/10 11:49 a.m.18 views

1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses

As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/12/08 12:0 a.m.57 views

PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise

The plugin does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any...

9.8CVSS0.6AI score0.06745EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/10/05 12:0 a.m.12 views

JobSearch WP Job Board < 1.8.2 - Subscriber+ Arbitrary Blog Options Update

The jobsearchjobintegrationssettinsave AJAX action of the plugin, available to any authenticated user, does not have authorisation and CSRF in place, allowing any authenticated user, such as subscriber to call it and modify arbitrary blog options...

2.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.12 views

WordPress Automatic < 3.53.3 - Unauthenticated Arbitrary Options Update

The plugin was vulnerable to Unauthenticated Arbitrary Options Update...

3.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/04 12:0 a.m.15 views

Social Sharing Plugin - Kiwi 2.1.0 - Unauthenticated Arbitrary WordPress Options Update and Read

The plugin re-introduced an issue in v2.1.0, allowing unauthenticated attacker to update and read arbitrary WordPress options. This could allow them to create admin accounts by enabling registration and setting the user default role to administrator, or to modify the value of siteurl in order to...

3.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/12/02 12:0 a.m.6 views

WordPress Materialis theme <=1.0.172 - Authenticated Options Update vulnerability

Authenticated Options Update vulnerability found by NinTechNet in WordPress Materialis theme versions =1.0.172. Solution Update the WordPress Materialis theme to the latest available version at least 1.0.173...

3.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/09/25 12:0 a.m.9 views

WordPress DELUCKS SEO plugin <= 2.1.7 - Unauthenticated Options Update vulnerability

Unauthenticated Options Update vulnerability found in WordPress DELUCKS SEO plugin versions = 2.1.7. Solution This plugin has been closed as of September 22, 2019 and is not available for download. This closure is temporary, pending a full review...

3.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/21 12:0 a.m.7 views

DELUCKS SEO <= 2.1.7 - Unauthenticated Options Update

This vulnerability was seen actively exploited in the wild on and around September 22nd 2019...

2.4AI score
Exploits0References2Affected Software1
exploitpack
exploitpack
added 2019/07/24 12:0 a.m.13 views

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link:...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/24 12:0 a.m.769 views

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions

Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...

7.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2019/07/11 12:0 a.m.17 views

One Click SSL <= 1.4.6 - Multiple Issues

Lack of CSRF and authorisation checks in the settings page, as well as AJAX methods such as ajaxenablessl, ajaxscan and so on could allow unauthorised settings change as well as call of the AJAX methods by a low privileged user. Additionally, it could also allow arbitrary site options update due ...

6.8CVSS2.3AI score0.00795EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/10 12:0 a.m.9 views

Hybrid Composer <= 1.4.6 - Unauthenticated Options Update

This plugin has a function to update Wordpress options via Ajax and it's set with the following: addaction'wpajaxnoprivhcajaxsaveoption', 'hcajaxsaveoption'; Which means it does not require authentication and is exploitable by anyone on the internet. I've already spoken to the plugin author about...

2.8AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2019/07/10 12:0 a.m.12 views

Hybrid Composer <= 1.4.6 - Unauthenticated Options Update

This plugin has a function to update Wordpress options via Ajax and it's set with the following: addaction'wpajaxnoprivhcajaxsaveoption', 'hcajaxsaveoption'; Which means it does not require authentication and is exploitable by anyone on the internet. I've already spoken to the plugin author about...

2.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2019/06/08 12:0 a.m.21 views

Breadcrumbs by menu <= 1.0.1 - Multiple Issues

XSS, CSRF leading to options update...

6.8CVSS1.5AI score0.0095EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/04/12 12:0 a.m.12 views

WordPress YellowPencil Visual CSS Style Editor plugin <= 7.2.0 - Unauthenticated arbitrary Options update vulnerability

Unauthenticated arbitrary Options update vulnerability found in WordPress YellowPencil Visual CSS Style Editor plugin versions = 7.2.0. Solution 12 April 2019 - this plugin was closed and is no longer available for download...

4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder