Lucene search
+L

90 matches found

OSV
OSV
added 2024/01/08 7:15 p.m.4 views

CVE-2023-6139

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks...

6.5CVSS5.8AI score0.00609EPSS
Exploits2References1
OSV
OSV
added 2023/07/01 5:15 a.m.2 views

CVE-2021-4388

The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestatesetfeatureproperty and opalestateremovefeatureproperty functions. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.0073EPSS
Exploits1References3
OSV
OSV
added 2023/06/09 6:16 a.m.5 views

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.4CVSS5.8AI score0.00466EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.6 views

PT-2023-12488 · WordPress · Doneren Met Mollie

Name of the Vulnerable Software and Affected Versions: Doneren met Mollie plugin for WordPress versions up to and including 2.8.5 Description: The issue concerns Sensitive Data Exposure due to missing capability checks in the dmm export donations function, which is called via the admin post dmm...

6.5CVSS6.3AI score0.01041EPSS
Exploits1References5
OSV
OSV
added 2023/03/07 2:15 p.m.4 views

CVE-2020-36667

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backupguardclouddropbox, backupguardcloudgdrive, and backupguardcloudoneDrive function...

5.4CVSS5.8AI score0.00483EPSS
Exploits0References2
OSV
OSV
added 2021/11/08 6:15 p.m.6 views

CVE-2021-24783

The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts...

6.5CVSS5.9AI score0.00798EPSS
Exploits2References1
OSV
OSV
added 2021/09/20 10:15 a.m.4 views

CVE-2021-24618

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...

5.4CVSS5.8AI score0.00386EPSS
Exploits2References1
OSV
OSV
added 2021/08/02 11:15 a.m.10 views

CVE-2021-24504

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any use...

6.1CVSS5.8AI score0.00762EPSS
Exploits2References1
OSV
OSV
added 2021/06/14 2:15 p.m.4 views

CVE-2021-24355

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/getwildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the...

4.3CVSS5.8AI score0.0072EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/01/29 12:0 a.m.13 views

Portfolio Filter Gallery < 1.1.3 - CSRF & Reflected XSS

Lack of CSRF checks on the Filters page could allow attackers to add/edit/update/delete categories and delete all categories, as well as perform reflected XSS attacks. v1.0.8 fixed the reflected XSS, however no CSRF check on delete and deleteallcategory actions v1.1.0 released, no additional fix...

0.3AI score
Exploits0References2
Rows per page
Query Builder