15 matches found
WordPress Golo theme <= 1.7.0 - Authentication Bypass to Account Takeover vulnerability
Authentication Bypass to Account Takeover vulnerability discovered by Foxyyy in WordPress Theme Golo versions = 1.7.0...
WordPress Dokan Pro plugin <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation vulnerability
Authenticated Vendor+ Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin Dokan Pro versions = 4.0.5...
WordPress Woffice plugin <= 5.4.21 - Authentication Bypass via Registration Role vulnerability
Authentication Bypass via Registration Role vulnerability discovered by Foxyyy in WordPress Theme Woffice versions = 5.4.21...
WordPress WP Pro Real Estate 7 plugin <= 3.5.4 - Authenticated (Seller) Arbitrary File Upload vulnerability
Authenticated Seller Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Theme Real Estate 7 versions = 3.5.4...
WordPress Soledad theme <= 8.5.9 - Unauthenticated Limited Local File Inclusion vulnerability
Unauthenticated Limited Local File Inclusion vulnerability discovered by Foxyyy in WordPress Theme Soledad versions = 8.5.9...
WordPress The Events Calendar plugin <= 6.6.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Foxyyy in WordPress Plugin The Events Calendar versions = 6.6.4...
WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Foxyyy in WordPress Theme Betheme versions = 27.5.6...
WordPress Modern Events Calendar plugin <= 7.12.1 - Authenticated (Subscriber+) Server Side Request Forgery vulnerability
Authenticated Subscriber+ Server Side Request Forgery vulnerability discovered by Foxyyy in WordPress Plugin Modern Events Calendar versions = 7.12.1...
WordPres Keydatas plugin <= 2.5.2 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Keydatas versions = 2.5.2...
WordPress Product Table by WBW plugin <= 2.0.1 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by Foxyyy in WordPress Plugin Product Table by WBW versions = 2.0.1...
WordPress Modern Events Calendar Lite plugin <= 7.11.0 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Modern Events Calendar Lite versions = 7.11.0...
WordPress Modern Events Calendar plugin <= 7.11.0 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Modern Events Calendar versions = 7.11.0...
WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion
Software Video Gallery Type Plugin Vulnerable versions = 1.3.13 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-4551 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 0a0b54f79834 Credits Foxyyy Required privilege Contributor Publishe...
WordPress WP Reset plugin <= 2.02 - Missing Authorization to License Key Modification vulnerability
Missing Authorization to License Key Modification vulnerability discovered by Foxyyy in WordPress Plugin WP Reset versions = 2.01...
WordPress WP Force SSL & HTTPS SSL Redirect plugin <= 1.66 - Missing Authorization to Settings Update vulnerability
Missing Authorization to Settings Update vulnerability discovered by Foxyyy in WordPress Plugin WP Force SSL & HTTPS SSL Redirect versions = 1.66...