6 matches found
CVE-2024-6228
The CVE-2024-6228 vulnerability affects the Notifications for Forms & WordPress Actions WordPress plugin (before version 2.6). It occurs because the plugin does not validate a user-supplied value when building a server-side file inclusion path, enabling authenticated users with subscriber-level a...
CVE-2025-68020
CVE-2025-68020 affects the WANotifier WordPress plugin (versions through 2.7.12). The vulnerability is a Missing Authorization (Broken Access Control) issue in the notifier functionality, due to incorrectly configured access control security levels. This could allow an attacker to exploit the wea...
CVE-2025-68020 WordPress Notifier plugin <= 2.7.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through = 2.7.13...
WordPress Notifier plugin <= 2.7.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Notifier versions = 2.7.13...
WordPress plugin WANotifier 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-37425 · WordPress · Wanotifier
Name of the Vulnerable Software and Affected Versions: WANotifier WordPress plugin versions prior to 2.6.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...