7 matches found
CVE-2022-0164
The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its comingsoonsendmail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users...
EUVD-2021-11398
Malware in sbrugna...
EUVD-2022-42825
Malicious code in bioql PyPI...
CVE-2023-5798
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...
CVE-2023-5737
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings...
PT-2023-25413 · WordPress · Simple Author Box
Name of the Vulnerable Software and Affected Versions: The Simple Author Box WordPress plugin versions prior to 2.52 Description: The issue is related to the disclosure of arbitrary user information due to a lack of verification of the user ID before outputting information about that user. This c...
CVE-2022-3769 OWM Weather < 5.6.9 - Contributor+ SQLi
The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor...