CVE-2023-4924

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobebulkoperationsdelete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products...

WordPress Plugin WooCommerce Dynamic Pricing and Discounts Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Information disclosure

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent Linux, macOS, Windows before build 35739...

CVE-2023-44210

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 29258, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...

WordPress plugin FTP Access Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-41750

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent Linux, macOS, Windows before build 32047...

CVE-2023-0551

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments...

CVE-2023-36000

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...

WordPress Plugin Elementor Addons, Widgets and Enhancements – Stax 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Elementor Addons,...

WordPress Plugin WordPress Automatic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

UBUNTU-CVE-2022-48318

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...

SUSE CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...

CVE-2022-4872

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'...

CVE-2022-4124

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...

PT-2022-25302 · WordPress · Registration Forms

Name of the Vulnerable Software and Affected Versions: Registration Forms WordPress plugin versions prior to 3.8.1.3 Description: The issue allows unauthenticated attackers to delete arbitrary users, along with their posts, due to a lack of authorisation and CSRF protection when deleting users vi...

CVE-2022-3538

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins...

WordPress plugin Role Based Pricing for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A code issue vulnerability exists in the...

CVE-2022-2350

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block or unblock users at will...

PT-2022-16032 · WordPress · Disable User Login

Name of the Vulnerable Software and Affected Versions: Disable User Login WordPress plugin versions 1.0.0 through 1.0.1 Description: The issue concerns a lack of authorization and CSRF checks when updating settings in the Disable User Login WordPress plugin. This allows unauthenticated attackers ...

CVE-2022-3024

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...