Lucene search
+L

2155 matches found

Prion
Prion
added 2022/02/04 11:15 p.m.25 views

Design/Logic Flaw

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

4.3CVSS6.2AI score0.70511EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2022/02/04 10:29 p.m.58 views

CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS8.4AI score0.70511EPSS
Exploits3References2
OSV
OSV
added 2022/01/18 5:15 p.m.4 views

CVE-2022-0236

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

7.5CVSS7AI score0.04284EPSS
Exploits2References3
VulnCheck KEV
VulnCheck KEV
added 2022/01/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS6.5AI score0.70511EPSS
Exploits3References1
NVD
NVD
added 2021/10/11 4:15 p.m.19 views

CVE-2021-39317

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...

8.8CVSS0.01652EPSS
Exploits2References4
Prion
Prion
added 2021/10/11 4:15 p.m.16 views

Design/Logic Flaw

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...

6.5CVSS8.4AI score0.01652EPSS
Exploits2References4Affected Software43
Cvelist
Cvelist
added 2021/10/11 3:48 p.m.15 views

CVE-2021-39317 AccessPress Themes - Authenticated Malicious File Upload

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...

8.8CVSS8.8AI score0.01652EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2021/10/11 12:0 a.m.7 views

PT-2021-22526 · Accesspress · Accesspress-Parallax +6

Name of the Vulnerable Software and Affected Versions: AccessPress Demo Importer versions 1.0.6 and earlier accesspress-basic versions 3.2.1 and earlier accesspress-lite versions 2.92 and earlier accesspress-mag versions 2.6.5 and earlier accesspress-parallax version 4.5 accesspress-root version...

8.8CVSS8.3AI score0.01652EPSS
Exploits2References9
WPVulnDB
WPVulnDB
added 2021/10/06 12:0 a.m.20 views

Access Demo Importer < 1.0.7 - Subscriber+ Arbitrary File Upload

Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback functionfound in the /inc/demo-functions.php file along wi...

8.8CVSS1.7AI score0.01652EPSS
Exploits2References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2020/12/17 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-36719

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated...

9.8CVSS7.3AI score0.04304EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2017/08/01 2:13 p.m.5 views

Kernel: fs: umount denial of service

The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root filesystem to read-only, which allows local users to cause a denial of service loss of writability by making certain unshare system calls...

5.5CVSS6.6AI score0.00461EPSS
Exploits0References4
OSV
OSV
added 2017/05/15 2:29 p.m.5 views

UBUNTU-CVE-2017-7490

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

5.3CVSS6.3AI score0.00977EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/05/12 12:0 a.m.36 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3023)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-3023 advisory. kernel-uek 2.6.32-400.34.5uek - aacraid: missing capable check in compat ioctl Dan Carpenter Orabug: 18723276 CVE-2013-6383 Tenable has extracted the...

6.9CVSS7.2AI score0.0049EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/03/12 6:28 p.m.6 views

Kernel: AACRAID Driver compat IOCTL missing capability check

The aaccompatioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAPSYSRAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call...

6.9CVSS7.1AI score0.0049EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/09/24 6:43 p.m.8 views

kernel: missing check before setting mount propagation

The dochangetype function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAPSYSADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint...

7.8CVSS7.1AI score0.00375EPSS
Exploits0References4
Rows per page
Query Builder