266 matches found
CVE-2022-3537
The CVE concerns the WordPress plugin Role Based Pricing for WooCommerce, affected versions prior to 1.6.2. The root cause is inadequate authorization and CSRF protection, plus unvalidated file uploads, allowing any authenticated user (e.g., a subscriber) to upload arbitrary files such as PHP. Pu...
Simple SEO < 1.8.13 - Subscriber+ Sitemap Creation/Deletion
The plugin does not have authorisation check when creating and deleting sitemaps, which could allow any authenticated users, such as subscriber to create and delete them...
Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload
The plugin does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP PoC As a subscriber, open the HTML code below while being logged in as a subscriber, then choose a fil...
CVE-2022-3082 miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling
The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example...
CVE-2022-3244 Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...
CVE-2022-2839
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them t...
Media Library Assistant < 3.01 - Unauthenticated Error Log Access
The plugin does not have authorisation in place, which could allow unauthenticated attackers to access its error log if they can guess or brute force the filename...
CVE-2022-3024
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...
CVE-2022-2352
CVE-2022-2352 affects the WordPress Post SMTP Mailer/Email Log plugin prior to 2.1.7. The issue is lack of proper authorization in certain AJAX actions, enabling high-privilege users (e.g., admins) to perform blind SSRF on multisite installations. Remediation is to update to version 2.1.7 or late...
miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling
The plugin does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example PoC Run the below command in the developer console of the web browser while being on the blog as any user, such as subscriber...
Cross site request forgery (csrf)
The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status...
Design/Logic Flaw
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts...
CVE-2022-2657
CVE-2022-2657 affects the Multivendor Marketplace Solution for WooCommerce WordPress plugin, prior to version 3.8.12. The issue is lack of authorization checks and CSRF protection in multiple AJAX actions, enabling not only unauthenticated CSRF abuse but also action calls by authenticated users (...
CVE-2022-2373
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...
Event Calendar < 1.4.7 - Unauthenticated Arbitrary Event Deletion
The plugin does not have authorisation check when deleting events, which could allow unauthenticated attackers to delete them...
About Me <= 1.0.12 - Subscriber+ Arbitrary Network Creation/Deletion
The plugin does not have authorisation and CRSF when adding and deleting networks via AJAX actions, which could allow any authenticated users, such as subscriber to create and delete arbitrary networks...
Accommodation System <= 1.0.1 - Subscriber+ Unauthorised Actions
The plugin does not have authorisation in various actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions...
59sec LITE <= 3.4.1 - Unauthenticated Settings Update
Description The plugin does not have any authorisation in place when updating its settings, allowing unauthenticated attackers to do so...
CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog...
CVE-2022-2379
CVE-2022-2379 affects the WordPress Easy Student Results plugin (versions ≤ 2.2.8). The REST API lacks proper authorization, allowing unauthenticated users to retrieve sensitive data: courses, exams, departments, student grades, and PII (email, physical address, phone). The CVSSv3.1 base score is...