
7 matches found

RedhatCVE
added 2025/10/19 3:44 a.m. · 13 views

CVE-2025-11378

The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixelajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for...

CVSS 5.4 · AI score 5 · EPSS 0.00284
Exploits 0 · References 1
Vulnrichment
added 2025/10/18 3:33 a.m. · 2 views

CVE-2025-11378 ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export

The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixelajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for...

CVSS 5.4 · AI score 4.5 · EPSS 0.00284
Exploits 0 · References 4
OSV
added 2024/11/13 2:15 a.m. · 3 views

CVE-2024-10854

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buyoneclickimportoptions AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-leve...

CVSS 4.3 · AI score 7.3
Exploits 0 · References 2
OSV
added 2024/02/29 4:15 a.m. · 3 views

CVE-2024-1468

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with...

CVSS 8.8 · AI score 6.5 · EPSS 0.01161
Exploits 0 · References 2
NVD
added 2024/02/29 4:15 a.m. · 17 views

CVE-2024-1468

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with...

CVSS 8.8 · AI score 8.9 · EPSS 0.01161
Exploits 0 · References 2
WPVulnDB
added 2024/02/28 12:0 a.m. · 20 views

Avada | Website Builder For WordPress & WooCommerce < 7.11.5 - Authenticated (Contributor+) Arbitrary File Upload

Description: The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers,...

CVSS 8.8 · AI score 8.9 · EPSS 0.01161
Exploits 0 · References 1
Positive Technologies
added 2024/02/28 12:0 a.m. · 5 views

PT-2024-18072 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to, and including, 7.11.4
Description: The issue is related to arbitrary file uploads due to missing file type validation in the ajax import options function...

CVSS 8.8 · AI score 9.7 · EPSS 0.01161
Exploits 0 · References 14