71 matches found
WordPress WordPress Portfolio Builder plugin <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update vulnerability
Missing Authorization to Unauthenticated Portfolio Update vulnerability discovered by shaman0x01 in WordPress Plugin WordPress Portfolio Builder – Portfolio Gallery versions = 1.1.7...
WordPress AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin AnimateGL - Advanced Animation Plugin for WordPress versions = 1.4.23...
WordPress Linkz.ai plugin <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by István Márton in WordPress Plugin Linkz.ai versions = 1.1.8...
WordPress GiveWP plugin <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update vulnerability
Missing Authorization to Unauthenticated Event Settings Update vulnerability discovered by villu164 in WordPress Plugin GiveWP versions = 3.13.0...
WordPress Ibtana plugin <= 1.2.3.3 - Unauthenticated Plugin Settings Update vulnerability
Unauthenticated Plugin Settings Update vulnerability discovered by Peter Thaleikis in WordPress Plugin Ibtana versions = 1.2.3.3...
WordPress Swift Framework plugin <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update vulnerability
Missing Authorization to Unauthenticated Arbitrary Content Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Swift Framework versions = 2.7.31...
WordPress Relevanssi Premium plugin <= 2.25.1 - Missing Authorization to Unauthenticated Count Option Update vulnerability
Missing Authorization to Unauthenticated Count Option Update vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Relevanssi Premium versions = 2.25.1...
WordPress Relevanssi plugin <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update vulnerability
Missing Authorization to Unauthenticated Count Option Update vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Relevanssi versions = 4.22.1...
CVE-2023-4628
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflowsavehook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflowhookconfigs' option via a forged request...
EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update
Description The plugins do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata. Note: Such issue could lead to Unauthenticated Stored XSS due to the lack of sanitisation in...
CAOS < 4.7.15 - Unauthenticated Settings Update
Description The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users to update them...
CVE-2021-4401
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
PT-2023-12510 · WordPress · Amministrazione Trasparente
Name of the Vulnerable Software and Affected Versions: Amministrazione Trasparente plugin for WordPress versions up to, and including, 7.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the at save aturl meta function. This allows...
CVE-2020-36731
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...
CVE-2020-36731 Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...
BACKCLICK 路径遍历漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...
Alphabetic Pagination < 3.0.8 - Unauthenticated Arbitrary Option Update
The plugin does not have any proper authorisation in place when updating some settings via a REST endpoint, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary option from the blog and allow registration with a...
PT-2022-22178 · WordPress · Shortcode Addons
Name of the Vulnerable Software and Affected Versions: biplob018's Shortcode Addons plugin versions 3.0.2 and earlier Description: The issue is related to an Unauthenticated Arbitrary Option Update vulnerability. This allows for unauthorized modifications to options. Recommendations: For versions...
Exploit for Download of Code Without Integrity Check in Emcosoftware Msi_Package_Builder
CVE-2022-28944 EMCO Software Multiple Products Unauthenticat...
CVE-2022-0952
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...