12 matches found
WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2024-1489
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...
CVE-2024-13318
The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cldeletelistingfunc function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts...
CVE-2024-3663 WP Scraper <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation
The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpscrapermultiscrapeaction function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...
Post Type Builder < 2.1.4 - Subscriber+ Arbitrary Post/Page Creation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on a function. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts...
WordPress Mass Pages/Posts Creator Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Mass Pages/Posts Creator Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e259a062e790 Credits Rafie Muhammad Patchsta...
WordPress Mass Pages/Posts Creator plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Mass Pages/Posts Creator plugin versions = 2.1.4. Solution Update the WordPress Mass Pages/Posts Creator plugin to the latest available version at least 2.1.5...
CVE-2019-20209
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...
CVE-2016-10883
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users...
WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability
Stored Cross-Site scripting XSS vulnerability found by ThreatPress Research Team in WordPress Mass Pages/Posts Creator plugin versions = 1.2.2. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
Design/Logic Flaw
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site a...
WordPress Simple Add Pages or Posts plugin cross-site request forgery vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress Simple Add Pages or Posts plugin. It allows remote attacke...