Lucene search
+L

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11102

Malware in sbrugna...

8.8CVSS8.6AI score0.01325EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:28 p.m.8 views

CVE-2022-3946

The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods...

6.5CVSS6.8AI score0.00329EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.13 views

CVE-2021-24194

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog...

8.8CVSS7AI score0.01325EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:40 a.m.6 views

CVE-2024-11034

The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via firecontactform AJAX action in all versions up to, and including, 1.4. This is due to the software...

7.3CVSS7.6AI score0.00727EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.9 views

PT-2022-21356

Name of the Vulnerable Software and Affected Versions WordPress Classifieds Plugin versions prior to 4.3 Description The issue arises from the improper sanitization and escaping of certain parameters before they are used in a SQL statement. This occurs via an AJAX action that is accessible to...

9.8CVSS8.2AI score0.05103EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2021/11/05 7:44 p.m.8 views

CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanentl...

7.5CVSS6.9AI score0.0393EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/16 12:0 a.m.11 views

Unspecified vulnerability in BetterLinks WordPress plugin (CNVD-2021-44289)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in BetterLinks WordPress plugin versions prior to 2.0.4, which stems...

8.8CVSS6.8AI score0.0148EPSS
Exploits2References1
Rows per page
Query Builder