Lucene search
K

2946 matches found

WPVulnDB
WPVulnDB
added 2023/05/09 12:0 a.m.15 views

SALERT < 1.2.2 - Subscriber+ Missing Authorization

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the salertsavesettingswithajax function...

10AI score0.00394EPSS
Exploits0Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/04/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-1931

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/04/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/04/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-1928

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/04/06 9:15 p.m.2 views

CVE-2023-1931

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References4
OSV
OSV
added 2023/04/06 9:15 p.m.8 views

CVE-2023-1928

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiat...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References2
OSV
OSV
added 2023/04/06 9:15 p.m.2 views

CVE-2023-1931

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References2
OSV
OSV
added 2023/04/06 9:15 p.m.4 views

CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to dele...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/06 9:15 p.m.5 views

CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to dele...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References4
NVD
NVD
added 2023/04/06 9:15 p.m.17 views

CVE-2023-1931

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...

4.3CVSS4.2AI score0.00389EPSS
Exploits0References2
Prion
Prion
added 2023/04/06 9:15 p.m.20 views

Arbitrary file deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...

4CVSS4.3AI score0.00389EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/06 8:5 p.m.27 views

CVE-2023-1928 WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiat...

4.3CVSS4.5AI score0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/06 8:5 p.m.33 views

CVE-2023-1931 WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar'

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...

4.3CVSS4.5AI score0.00389EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2023/04/06 12:0 a.m.1 views

VulnCheck KEV: CVE-2023-1929

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpurgecachevarnishcallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.6 views

PT-2023-17349 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc purgecache varnish...

4.3CVSS5.1AI score0.00389EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2023/04/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-4940

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions...

7.3CVSS6.9AI score0.01084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.4 views

PT-2023-17350 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to unauthorized data deletion due to a missing capability check on the wpfc clear cache of allsites callback function. This allows...

4.3CVSS5.1AI score0.00389EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/04/05 7:15 p.m.2 views

CVE-2022-4940

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such ...

7.3CVSS6.8AI score0.01084EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/04/05 1:23 p.m.35 views

CVE-2023-1868 YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrcclearcache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's...

6.5CVSS6.5AI score0.00615EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2023/04/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-25446

HappyFiles Pro is vulnerable to a data modification due to a missing capability check. This could allow actions to be performed by unatuhorised users such as deleting arbitrary files...

7.7CVSS7.4AI score0.00348EPSS
Exploits0References1
Rows per page
Query Builder