32 matches found
WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to SQL Injection
Software: REST API TO MiniProgram; Type: Plugin; Vulnerable versions: <= 4.7.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8484; Patch priority: High; CVSS severity: High 9.3; PSID: a9593ec18e0a; Credits: wesley wcraft; Required privilege...
WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to Privilege Escalation
Software: REST API TO MiniProgram; Type: Plugin; Vulnerable versions: <= 4.7.1; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Privilege Escalation; CVE: CVE-2024-8485; Patch priority: High; CVSS severity: High 9.8; PSID: dc9973040e40; Credits: wesley wcraft; Required...
CVE-2023-0551
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments...
Cross site request forgery (csrf)
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments...
CVE-2023-0551
The CVE CVE-2023-0551 affects the WordPress plugin REST API TO MiniProgram (through 4.6.1). The vulnerability is due to missing authorization checks and CSRF protection in an AJAX action, allowing any authenticated user (e.g., subscriber) to call and delete arbitrary attachments. Connected source...
CVE-2023-0551 REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments...
WordPress plugin REST API TO MiniProgram access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An access control error vulnerability exist...
WordPress REST API TO MiniProgram Plugin <= 4.6.9 is vulnerable to Arbitrary Content Deletion
Software: REST API TO MiniProgram; Type: Plugin; Vulnerable versions: <= 4.6.9; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary Content Deletion; CVE: CVE-2023-0551; Patch priority: High; CVSS severity: High 6.5; PSID: 319d19ca8dfe; Credits: Lana Codes; Requir...
REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments. PoC: fetch('https://example.com/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type':...
REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments. fetch('https://example.com/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type':...
08cms (=1.0.0), 18a58t9c-upload (>=1.0.0 <=1.0.3) +3468 more potentially affected by CVE-2022-25851 via jpeg-js (>=0.0.1 <=0.4.3)
jpeg-js NPM version =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.2, =0.0.1, =0.0.3, =1.0.0, =0.0.2, =2.2.1, =3.4.7 - @lan/uni-libs =0.0.3 and more Source cves: CVE-2022-25851 Source advisory: OSV:GHSA-XVF7-4V9Q-58W6...