Lucene search
K

6 matches found

Nuclei
Nuclei
added 11 hours ago24 views

WordPress Automatic Plugin - Unauthenticated Options Change

WordPress Automatic Plugin versions 3.53.2 and below contains a critical vulnerability that allows unauthenticated users to change arbitrary WordPress options through the processform.php script. The vulnerable script uses updateoption on all POST parameters without authentication or capability...

9.8CVSS7.1AI score0.16408EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/02/06 4:25 a.m.14 views

CVE-2021-4374

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...

9.8CVSS6.7AI score0.16408EPSS
Exploits3References1
NVD
NVD
added 2023/06/07 2:15 a.m.31 views

CVE-2021-4374

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...

9.8CVSS9.2AI score0.16408EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.18 views

CVE-2021-4374 WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...

9.1CVSS7.3AI score0.16408EPSS
Exploits3References2
CVE
CVE
added 2023/06/07 1:51 a.m.69 views

CVE-2021-4374

CVE-2021-4374 affects WordPress Automatic Plugin versions up to 3.53.2. The root cause is missing authorization and option validation in process_form.php, allowing unauthenticated users to update arbitrary WordPress options (via update_option()) and potentially compromise the site. The nuclei tem...

9.8CVSS9.2AI score0.16408EPSS
In wildExploits3References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/09/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-4374

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...

9.8CVSS7.4AI score0.16408EPSS
Exploits3References1
Rows per page
Query Builder