4 matches found
WordPress WP01 - Speed, Security, SEO consultant plugin <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download vulnerability
WordPress WP01 - Speed, Security, SEO consultant plugin = 2.6.2 - Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by theviper17y in WordPress Plugin WP01 versions = 2.6.2...
CVE-2025-1972
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...
PT-2023-23149 · Unknown · Chronosly Events Calendar
Name of the Vulnerable Software and Affected Versions: Chronosly Events Calendar plugin versions = 2.6.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
CVE-2020-12530
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter...