66 matches found
CVE-2024-11848
CVE-2024-11848 affects NitroPack – Caching & Speed Optimization for WordPress. The vulnerability is due to a missing capability check on the nitropack_dismiss_notice_forever AJAX action in NitroPack versions up to 1.17.0, enabling authenticated attackers with subscriber-level access and above to ...
CVE-2024-11848 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2024-11848 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...
WordPress NitroPack plugin <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Sean Murphy in WordPress Plugin NitroPack versions = 1.17.0...
WordPress plugin NitroPack 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin NitroPack 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-1702 · WordPress · Nitropack
Name of the Vulnerable Software and Affected Versions: NitroPack plugin for WordPress versions up to, and including, 1.17.0 Description: The issue arises from a missing capability check in the nitropack rml notification function, allowing authenticated attackers with subscriber access or higher t...
CVE-2024-43922
Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...
CVE-2024-43922
Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...
CVE-2024-43922 WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...
CVE-2024-43922 WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...
CVE-2024-43922
Conforms to MODE C: CVE-2024-43922 affects NitroPack – Caching & Speed Optimization for WordPress. The vulnerability is an unauthenticated code injection via shortcode execution in NitroPack versions up to 1.16.7, allowing code execution by crafting arbitrary shortcodes. Impact is described as Co...
WordPress plugin NitroPack 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin NitroPack versions = 1.16.7...
WordPress NitroPack Plugin <= 1.16.7 is vulnerable to Broken Access Control
Software NitroPack Type Plugin Vulnerable versions = 1.16.7 Fixed in 1.16.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43922 Patch priority Low CVSS severity Low 4.8 Developer Claim ownership PSID 68fa122dccba Credits Rafie Muhammad Patchstack Require...
NitroPack < 1.10.0 - Missing Authorization via multiple AJAX functions
Description The plugin is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access and above...
WordPress NitroPack - Cache & Speed Optimization Plugin < 1.10.3 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nitropackinc:nitropack"; if description...
CVE-2023-52121
Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
CVE-2023-52121 WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...