5 matches found
EUVD-2021-11412
Malware in sbrugna...
EUVD-2022-42511
Malicious code in bioql PyPI...
CVE-2024-12855
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2023-3179 POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address for example a password reset email could be resent to an...
CVE-2023-0293 Mediamatic – Media Library Folders <= 2.8.1 - Missing Authorization
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to chan...