Ebook Store < 5.78 - Unauthenticated Sensitive Data Disclosure
The plugin does not have an authorisation check in its ebookstoreexportorders function, allowing unauthenticated users to call it and retrieve order information...
TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
The plugin does not have authorisation and CSRF checks in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated user, such as a subscriber, to update arbitrary blog options, such as enabling registration and setting the...
Cross-site request forgery (CSRF)
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients...
RapidLoad Power-Up for Autoptimize < 1.7.2 - Unauthorised AJAX Calls
The plugin does not have authorisation and CSRF checks in various AJAX actions, such as deleting log files, allowing them to be called by any authenticated user, such as a subscriber, or via CSRF attacks...
CVE-2023-27485 Insufficient verification of authorisation when accessing subresults in thmmniii/fbs-core
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying subresults, it is possible to query subresults from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresult...
WP Meta SEO < 4.5.4 - Subscriber+ Google Analytics Settings Update
The plugin does not have an authorisation check when updating its Google Analytics settings, which could allow any authenticated user, such as a subscriber, to update them...
WP Meta SEO < 4.5.4 - Subscriber+ SiteMap Settings Update
The plugin does not have an authorisation check when updating its SiteMap settings, which could allow any authenticated user, such as a subscriber, to update them...
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients. PoC: Run the command below in the developer console of the web browser while being on the blog as any authenticated user, such as...
Ajax Search Lite < 4.11.1 - Subscriber+ Sensitive Data Disclosure
The plugin does not have authorisation and CSRF checks in the wdsearchcf AJAX action, which could allow any authenticated user to call it and retrieve arbitrary post metadata. Note: v4.11 added only a CSRF check; the authorisation check was added in 4.11.1...
Magazine Edge <= 1.13 - Subscriber+ Arbitrary Plugin Activation
The theme does not have authorisation and CSRF checks when activating plugins via an AJAX action, allowing any authenticated user, such as a subscriber, to activate arbitrary plugins. PoC: Run the command below in the developer console of the web browser while being on the blog as a subscriber user...
Quick Restaurant Menu < 2.1.0 - Subscriber+ Arbitrary Post Deletion/Updating
The plugin does not ensure that the menu to be deleted/updated is actually a menu, and does not have authorisation checks in the related AJAX actions, which could allow any authenticated user, such as a subscriber, to delete and update arbitrary posts...
ContentStudio < 1.2.6 - Authorisation Bypass
The plugin does not properly check API keys, allowing unauthenticated users to bypass the authorisation in place via type juggling...
MainWP Code Snippets Extension < 4.0.3 - Subscriber+ Settings Update
The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them...
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Plugin Deactivation
The plugin does not have authorisation and CSRF checks when deactivating plugins, which could allow any authenticated user, such as a subscriber, to perform this action...
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Template Import
The plugin does not have authorisation and CSRF checks when importing templates, which could allow any authenticated user, such as a subscriber, to perform this action...
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Template Activation
The plugin does not have authorisation and CSRF checks when activating templates, which could allow any authenticated user, such as a subscriber, to perform this action...
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Import Deletion
The plugin does not have authorisation and CSRF checks when deleting imported content, which could allow any authenticated user, such as a subscriber, to perform this action...
CVE-2022-4103
CVE-2022-4103 affects the Royal Elementor Addons WordPress plugin (versions prior to 1.3.56). The root cause is a lack of authorisation and CSRF checks when creating a template, with no guarantee that the created post is actually a template. This can allow any authenticated user (e.g., a subscriber) to c...
CVE-2022-4103 Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated user, such as a subscriber, to create a post, as well as any post type, with an...
CVE-2022-3923
The CVE-2022-3923 issue affects the ActiveCampaign for WooCommerce WordPress plugin prior to version 1.9.8. The vulnerability is a missing authorization check when cleaning up error logs via an AJAX action, permitting any authenticated user (e.g., a subscriber) to invoke the action and remove err...