Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.2 views

CVE-2025-14447 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS4.7AI score0.00246EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/13 1:5 a.m.5 views

WordPress AnnunciFunebri Impresa plugin <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Deletion vulnerability discovered by Legion Hunter in WordPress Plugin AnnunciFunebri Impresa versions = 4.7.0...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/19 7:49 p.m.16 views

CVE-2025-39352 WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability

Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through = 7.0...

8.2CVSS0.00262EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/21 11:11 a.m.4 views

WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability

Arbitrary Options Deletion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Grand Restaurant versions = 7.0...

8.2CVSS7AI score0.00262EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2022/12/12 5:54 p.m.20 views

CVE-2022-3999 WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable...

8.2AI score0.00424EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/11/21 12:0 a.m.19 views

WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. PoC Run the below command in the developer console of the web browser while being on t...

8.1CVSS1.9AI score0.00424EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.168 views

WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. Run the below command in the developer console of the web browser while being on the...

8.1CVSS0.9AI score0.00424EPSS
Exploits2
Cvelist
Cvelist
added 2022/08/22 3:2 p.m.25 views

CVE-2022-2382 Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options...

5AI score0.00308EPSS
Exploits2References1
Patchstack
Patchstack
added 2022/07/26 12:0 a.m.19 views

WordPress Product Slider for WooCommerce plugin <= 2.5.6 - Authenticated Arbitrary Options Deletion vulnerability

Authenticated Arbitrary Options Deletion vulnerability discovered by Krzysztof Zając in WordPress Product Slider for WooCommerce plugin versions = 2.5.6. Solution Update the WordPress Product Slider for WooCommerce plugin to the latest available version at least 2.5.7...

4.3CVSS3.4AI score0.00308EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.577 views

Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion

The plugin has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options. fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS0.9AI score0.00308EPSS
Exploits2
Rows per page
Query Builder