643 matches found
WordPress Plugin Elementor Addons, Widgets and Enhancements – Stax 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Elementor Addons,...
WordPress Plugin WordPress Automatic 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
UBUNTU-CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...
SUSE CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...
CVE-2022-4872
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'...
CVE-2022-4124
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
PT-2022-25302 · WordPress · Registration Forms
Name of the Vulnerable Software and Affected Versions: Registration Forms WordPress plugin versions prior to 3.8.1.3 Description: The issue allows unauthenticated attackers to delete arbitrary users, along with their posts, due to a lack of authorisation and CSRF protection when deleting users vi...
CVE-2022-3538
The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins...
WordPress plugin Role Based Pricing for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A code issue vulnerability exists in the...
CVE-2022-2350
The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block or unblock users at will...
PT-2022-16032 · WordPress · Disable User Login
Name of the Vulnerable Software and Affected Versions: Disable User Login WordPress plugin versions 1.0.0 through 1.0.1 Description: The issue concerns a lack of authorization and CSRF checks when updating settings in the Disable User Login WordPress plugin. This allows unauthenticated attackers ...
CVE-2022-3024
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...
KDiskMark 安全漏洞
KDiskMark is an HDD and SSD benchmarking tool by Dmitry Sidorov, a personal developer. It has a very user-friendly graphical user interface. A security vulnerability exists in KDiskMark versions prior to 3.1.0, which stems from a missing authorization check for D-Bus methods such as...
CVE-2022-38367
The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint...
CVE-2022-2276
The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog...
CVE-2022-2180
The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution RCE...
CVE-2022-1572
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file...
CVE-2022-0444
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key...
PT-2022-13973 · WordPress · Html2Wp
Name of the Vulnerable Software and Affected Versions: HTML2WP WordPress plugin versions prior to 1.1 Description: The issue concerns a lack of authorization and CSRF checks when importing files, along with a failure to validate these files. As a result, unauthenticated attackers can upload...
PT-2022-13501 · WordPress · Member Hero
Name of the Vulnerable Software and Affected Versions: Member Hero WordPress plugin versions 1.0.0 through 1.0.9 Description: The issue lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with n...