12 matches found
CVE-2019-25149
The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...
CVE-2019-25149
The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...
CVE-2019-25149 Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation
The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...
CVE-2019-25149 Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation
The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...
CVE-2022-1656 JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification
Vulnerable versions of the JupiterX Theme =2.0.6 allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterxapiajax actions registered by the JupiterX Core Plugin =2.0.6. This includes the...
WordPress AccessPress Store theme <= 2.4.9 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress AccessPress Store theme versions = 2.4.9. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress The100 theme <= 1.1.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress The100 theme versions = 1.1.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress WPparallax theme <= 2.0.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress WPparallax theme versions = 2.0.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Zigcy Cosmetics <= 1.0.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Zigcy Cosmetics versions = 1.0.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...
WordPress Ripple theme <= 1.2.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Ripple theme versions = 1.2.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...
WordPress The Monday theme <= 1.4.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in
Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress The Monday theme versions = 1.4.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...
WordPress Photo Gallery – Image Gallery by Ape plugin <= 2.0.6 - Authenticated Arbitrary plugin deactivation
Authenticated Arbitrary plugin deactivation found by Jerome Bruandet in WordPress Photo Gallery – Image Gallery by Ape plugin versions = 2.0.6. Solution Update the WordPress Photo Gallery – Image Gallery by Ape plugin to the latest available version at least 2.0.7...