140 matches found
JVN#42543427: WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains a missing authorization vulnerability CWE-862. Impact Users of this product Editor, Author, Contributor may view the information on the database without the access permission. Solution Update the plugin Update the...
WordPress Blocked in China – Check if your site is available in the mainland plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Blocked in China – Check if your site is available in the mainland plugin versions = 1.0.2. Solution Update the WordPress Blocked in China – Check if your site is available in the mainland plugin to the latest available versio...
WordPress Product Carousel For WooCommerce – WoorouSell plugin < 1.0.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Product Carousel For WooCommerce – WoorouSell plugin versions 1.0.9. Solution Update the WordPress Product Carousel For WooCommerce – WoorouSell plugin to the latest available version at least 1.0.9...
WordPress Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL plugin <= 3.5.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL plugin versions = 3.5.9. Solution Update the WordPress Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL...
WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery
Overview WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Koken Tokuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University. reported this vulnerability to...
WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery
Overview WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" provided by codemiq contains a cross-site request forgery vulnerability CWE-352. Konan Nagashima of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this...
WordPress YOP Polls 6.2.7 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting XSS Exploit Author: inspired - Toby Jackson Vendor Homepage: https://yop-poll.com/ Blog Post: https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/ Software Link:...
JVN#35240327: WordPress plugin "WP Fastest Cache" vulnerable to directory traversal
WordPress plugin "WP Fastest Cache" provided by Emre Vona contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a user with an administrative privilege. Solution Update the plugin Update the plugin according to the information provided by the...
WordPress Plugin "Name Directory" vulnerable to cross-site request forgery
Overview WordPress Plugin "Name Directory" provided by J. Peters contains a cross-site request forgery vulnerability CWE-352. Yuta Asai of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the developer and...
JVN#50470170: WordPress Plugin "Name Directory" vulnerable to cross-site request forgery
WordPress Plugin "Name Directory" provided by J. Peters contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...
WordPress Limit Login Attempts Reloaded plugin <= 2.17.3 - Login Rate Limiting Bypass vulnerability
Login Rate Limiting Bypass vulnerability found by n4nj0 in WordPress Limit Login Attempts Reloaded plugin versions = 2.17.3. Solution Update the WordPress Limit Login Attempts Reloaded plugin to the latest available version at least 2.17.4...
Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"
Overview WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 SQL Injection CWE-89 - CVE-2020-5651 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the...
WordPress Plugin "Live Chat - Live support" vulnerable to cross-site request forgery
Overview WordPress Plugin "Live Chat - Live support" provided by onWebChat contains a cross-site request forgery vulnerability CWE-352. Yusuke Fukuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the...
WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection
Overview WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
CVE-2020-8318
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges...
Privilege escalation
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges...
Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads
Overview Joomla! plugin "AcyMailing" allows an unauthenticated user to upload arbitrary files CWE-434. qw3rTyTy reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary PHP code may be executed. Solution...
WordPress Plugin "Easy Property Listings" vulnerable to cross-site request forgery
Overview WordPress Plugin "Easy Property Listings" provided by Merv Barrett contains a cross-site request forgery vulnerability CWE-352. Rei Nakahara of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to the...
JVN#26847507: Multiple vulnerabilities in "Custom Body Class"
WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...
JVN#49575131: WordPress Plugin ”HTML5 Maps” vulnerable to cross-site request forgery
WordPress Plugin ”HTML5 Maps” provided by Fla-Shop.com contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided b...