16 matches found

Vulnrichment
added 2026/04/17 6:44 a.m. | 1 view

CVE-2026-6441 Canto <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wp_ajax_updateOptions (class-canto.php line 231) an...

CVSS 4.3 | AI score 5.7 | EPSS 0.00013
Exploits 0 | References 7

Positive Technologies
added 2025/12/13 12:0 a.m. | 3 views

PT-2025-51049

The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the filterText paramet...

CVSS 4.9 | AI score 7 | EPSS 0.00053
Exploits 0 | References 6

CNNVD
added 2025/12/13 12:0 a.m. | 1 view

WordPress plugin 404 Solution SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin 404...

CVSS 4.9 | AI score 7.6 | EPSS 0.00053
Exploits 0 | References 7

CNNVD
added 2024/01/08 12:0 a.m. | 4 views

WordPress Plugin Ovic Responsive WPBakery Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Ovic Responsive...

CVSS 8.8 | AI score 7 | EPSS 0.00645
Exploits 1 | References 2

OSV
added 2023/01/27 6:15 p.m. | 13 views

CVE-2022-48012

Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajaxtagsupd...

CVSS 6.1 | AI score 6.1
Exploits 0 | References 2

VulnCheck KEV
added 2022/12/30 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2016-10972

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel...

CVSS 9.8 | AI score 7.4 | EPSS 0.63051
Exploits 1 | References 1

ATTACKERKB
added 2022/05/16 3:15 p.m. | 4 views

CVE-2022-1393

The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via wp_subtitle. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from th...

CVSS 5.4 | AI score 5.8 | EPSS 0.00208
Exploits 2 | References 2

CNNVD
added 2022/04/11 12:0 a.m. | 3 views

WordPress plugin Post Grid cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

CVSS 6.4 | AI score 5.7 | EPSS 0.00285
Exploits 2 | References 2

Veracode
added 2019/01/15 8:59 a.m. | 15 views

Denial Of Service (DoS)

cumin is vulnerable to denial of service (DoS) attacks. The vulnerability exists as Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request...

CVSS 5 | AI score 5.7 | EPSS 0.00535
Exploits 0 | References 7 | Affected Software 2

CVE
added 2017/01/18 9:0 p.m. | 91 views

CVE-2016-10148

The CVE-2016-10148 entry concerns WordPress before 4.6. The vulnerable component is wp_ajax_update_plugin in wp-admin/includes/ajax-actions.php. The root cause is that a get_plugin_data call is performed before checking the update_plugins capability, allowing remote authenticated users to bypass ...

CVSS 4.3 | AI score 5.1 | EPSS 0.0045
Exploits 0 | References 5 | Affected Software 1

Debian CVE
added 2017/01/18 9:0 p.m. | 37 views

CVE-2016-6897

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer...

CVSS 6.5 | AI score 5.1 | EPSS 0.30259
Exploits 5

securityvulns
added 2014/10/15 12:0 a.m. | 82 views

Avira License Application - Cross Site Request Forgery Vulnerability

Document Title: Avira License Application - Cross Site Request Forgery Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1302
Video: http://www.vulnerability-lab.com/getcontent.php?id=1301
Release Date: 2014-08-2...

AI score 7.1
Exploits 0

NVD
added 2013/10/09 2:54 p.m. | 24 views

CVE-2013-4284

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request...

CVSS 5 | AI score 6.4 | EPSS 0.00535
Exploits 0 | References 3

Prion
added 2013/10/09 2:54 p.m. | 21 views

Cross site request forgery (csrf)

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request...

CVSS 5 | AI score 7 | EPSS 0.00535
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2013/10/09 2:44 p.m. | 28 views

CVE-2013-4284

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request...

AI score 6.4 | EPSS 0.00535
Exploits 0 | References 3

RedHat Linux
added 2013/10/01 4:35 p.m. | 2 views

cumin: Denial of service due to improper handling of certain Ajax requests

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request...

CVSS 5 | AI score 5.9 | EPSS 0.00535
Exploits 0 | References 4