
25 matches found

Positive Technologies
added 2022/11/14 12:0 a.m. · 2 views

PT-2022-16711 · WordPress · Resmush.It

Name of the Vulnerable Software and Affected Versions: reSmush.it plugin versions prior to 0.4.4 Description: The issue concerns a lack of authorization in various AJAX actions within the reSmush.it plugin, allowing any logged-in users, such as subscribers, to call these actions. Recommendations:...

CVSS 4.3 · AI score 7.2 · EPSS 0.00162
Exploits: 2 · References: 5
OSV
added 2022/01/24 8:15 a.m. · 1 views

CVE-2021-24968

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions...

CVSS 5.7 · AI score 6.2
Exploits: 0 · References: 2
Positive Technologies
added 2021/11/29 12:0 a.m. · 2 views

PT-2021-16313 · WordPress · Stylish Cost Calculator

Name of the Vulnerable Software and Affected Versions: Stylish Cost Calculator WordPress plugin versions prior to 7.0.4 Description: The issue is related to the lack of authorization and CSRF checks on some AJAX actions in the plugin, which are available to authenticated users. This could allow a...

CVSS 5.4 · AI score 5.2 · EPSS 0.00189
Exploits: 2 · References: 4
Positive Technologies
added 2021/09/02 12:0 a.m. · 6 views

PT-2021-22031

Name of the Vulnerable Software and Affected Versions: Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.11 Description: The Gutenberg Template Library & Redux Framework plugin registered several AJAX actions available to unauthenticated users in the includes function in...

CVSS 5.3 · AI score 6 · EPSS 0.84076
Exploits: 6 · References: 15
OSV
added 2021/05/14 12:15 p.m. · 0 views

CVE-2021-24282

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7rresetsettings to reset the plugin’s settings, wpcf7raddaction to...

CVSS 6.3 · AI score 5.8
Exploits: 0 · References: 2