22 matches found
WordPress Jobs for WordPress plugin <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Jobs for WordPress versions = 2.7.11...
WordPress Greenshift plugin <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Greenshift versions = 9.0.0...
WordPress PlugVersions plugin <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary File Creation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin PlugVersions versions = 0.0.7...
WordPress WP Docs plugin <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id' vulnerability
Authenticated Subscriber+ Time-Based SQL Injection via 'dirid' vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Docs versions = 2.2.0...
WordPress Easy Digital Downloads plugin 3.1-3.3.4 - Improper Authorization to Paywall Bypass vulnerability
Improper Authorization to Paywall Bypass vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Easy Digital Downloads versions 3.1-3.3.4...
WordPress Sirv plugin <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Option Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Sirv versions = 7.3.0...
WordPress Styler for Ninja Forms plugin <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license vulnerability
Authenticated Subscriber+ Arbitrary Option Deletion via deactivatelicense vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Styler for Ninja Forms versions = 3.3.4...
WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change
Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...
WordPress BookingPress plugin <= 1.1.16 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.16...
WordPress WPAdverts plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode vulnerability
Unauthenticated Stored Cross-Site Scripting via advertsadd Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPAdverts versions = 2.1.6...
WordPress AcyMailing plugin <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function vulnerability
Authenticated Subscriber+ Arbitrary File Upload via acymextractArchive Function vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin AcyMailing SMTP Newsletter versions = 9.7.2...
WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload
Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions = 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...
WordPress Depicter Slider plugin <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Depicter Slider versions = 3.1.1...
WordPress Bold Page Builder plugin <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via btbbbutton Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bold Page Builder versions = 5.0.2...
WordPress FV Player plugin <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter vulnerability
Authenticated Subscriber+ SQL Injection via exclude Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin FV Flowplayer Video Player versions = 7.5.46.7212...
WordPress BookingPress Appointment Booking plugin <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation vulnerability
Authenticated Subscriber+ Arbitrary File Read to Arbitrary File Creation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.5...
WordPress Quiz Maker plugin <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' vulnerability
Unauthenticated SQL Injection via 'aysquestions' vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Quiz Maker versions = 6.5.8.3...
WordPress Themify - WooCommerce Product Filter plugin <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter vulnerability
WordPress Themify - WooCommerce Product Filter plugin = 1.4.9 - Unauthenticated SQL Injection via conditions Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Themify – WooCommerce Product Filter versions = 1.4.9...
WordPress Icegram Express plugin <= 5.7.23 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.23...
WordPress Icegram Express plugin <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] vulnerability
Authenticated Subscriber+ SQL Injection Vulnerability via optionslistid vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.22...