Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/04 1:22 p.m.36 views

CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS0.00347EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.9 views

CVE-2019-25738

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/04 1:22 p.m.10 views

EUVD-2019-20174

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 1:22 p.m.21 views

CVE-2019-25738

The CVE affects WordPress Hybrid Composer 1.4.6, where an unauthenticated attacker can exploit the hc_ajax_save_option action via admin-ajax.php to modify WordPress options, enabling user registration and setting the default role to administrator, potentially leading to account takeover. The issu...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5
Rows per page
Query Builder