CVE-2024-49329

CVE-2024-49329 concerns the WP REST API FNS WordPress plugin (versions

CVE-2024-49328

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0...

CVE-2024-49328

Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through = 1.0.0...

CVE-2024-49328 WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through = 1.0.0...

CVE-2024-49328 WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0...

CVE-2024-49328

CVE-2024-49328 is an authentication bypass vulnerability in the WP REST API FNS WordPress plugin, enabling account takeover. The issue affects WP REST API FNS versions from 1.0.0 and earlier, and is described consistently across sources (NVD, CVE, Red Hat). Connected documents corroborate: the vu...

PT-2024-33469 · WordPress · Wp Rest Api Fns

Name of the Vulnerable Software and Affected Versions: WP REST API FNS versions 1.0.0 and earlier Description: There is an Authentication Bypass Using an Alternate Path or Channel issue in WP REST API FNS, allowing users to bypass authentication. This lets users gain unauthorized access...

WordPress plugin WP REST API FNS 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WP REST API FNS versions = 1.0.0...

WordPress WP REST API FNS Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software WP REST API FNS Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49329 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 82dff35973b2 Credits stealthcopter Required privilege...

WordPress WP REST API FNS Plugin <= 1.0.0 is vulnerable to Privilege Escalation

Software WP REST API FNS Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-49328 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b5035012904a Credits stealthcopter Required privilege...

Trend Micro Cloud Edge REST API Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Cloud Edge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST API, which listens on TCP port 8443 by default. The issue results from t...

CVE-2022-4972

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...

CVE-2019-25214

The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...

CVE-2019-25214 ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting

The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...

CVE-2022-4972 Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...

CVE-2022-4972

CVE-2022-4972 concerns the Download Monitor plugin for WordPress, affected up to version 4.7.51. The vulnerability is an authorization bypass caused by a missing capability check on several REST-API routes related to reporting. This allows unauthenticated attackers to view user data and other sen...

CVE-2022-4972 Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...

CVE-2019-25217 SiteGround Optimizer <= 5.0.12 - Missing Authorization

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...

CVE-2019-25217 SiteGround Optimizer <= 5.0.12 - Missing Authorization

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...