Lucene search
+L

6 matches found

cnvd
cnvd
added 2022/05/07 12:0 a.m.42 views

WordPress Sitemap by click5 plugin存在未明漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Sitemap by click5 plugin version 1.0.36 has a security vulnerability that could be exploite...

8.8CVSS2.3AI score0.13329EPSS
Exploits2References1
patchstack
patchstack
added 2022/01/03 12:0 a.m.7 views

WordPress TrustMate.io – integracja z WooCommerce plugin <= 1.7.0 - Arbitrary Blog Option Update vulnerability

Arbitrary Blog Option Update vulnerability discovered by WPScanTeam in WordPress TrustMate.io – integracja z WooCommerce plugin versions = 1.7.0. Solution Update the WordPress TrustMate.io – integracja z WooCommerce plugin to the latest available version at least 1.7.1...

3.7AI score
Exploits0References2Affected Software1
wpvulndb
wpvulndb
added 2021/09/06 12:0 a.m.12 views

uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF

The plugin does not have CSRF check in the uListingimportlayout function, nor perform any validation on the option/post meta key to update to ensure it belongs to the plugin. As a result, attackers could make a logged in admin change any of the blog option such as siteurl, blogname etc as well as...

0.5AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.715 views

uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF

The plugin does not have CSRF check in the uListingimportlayout function, nor perform any validation on the option/post meta key to update to ensure it belongs to the plugin. As a result, attackers could make a logged in admin change any of the blog option such as siteurl, blogname etc as well as...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.785 views

Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update

The plugin does not have any CSRF and authorisation checks in the padismissadminnotice AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update...

0.7AI score
Exploits0
wpvulndb
wpvulndb
added 2021/08/30 12:0 a.m.11 views

Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update

The plugin does not have any CSRF and authorisation checks in the padismissadminnotice AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update...

1.5AI score
Exploits0Affected Software1
Rows per page
Query Builder