17 matches found
CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
PT-2024-37846 · WordPress · Social Auto Poster
Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This enables...
VulnCheck KEV: CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
CVE-2019-17230
The CVE-2019-17230 vulnerability affects WordPress users of the OneTone theme up to version 3.0.6, where the file includes/theme-functions.php allows unauthenticated changes to theme options. This can enable unauthenticated attackers to modify site options (e.g., content or behavior) and is class...
CVE-2019-17228
The CVE-2019-17228 entry concerns the Motors Car Dealer & Classified Ads WordPress plugin (through version 1.4.0). The connected Nuclei template confirms an unauthenticated settings import/export flaw in includes/options.php that allows unauthenticated changes to plugin options, enabling configur...
CVE-2019-16251
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...
Design/Logic Flaw
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...
CVE-2019-16251
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...
CVE-2019-16251
CVE-2019-16251 affects the YIT Plugin Framework (plugin-fw/lib/yit-plugin-panel-wc.php) up to version 3.3.8 used by WordPress plugins, allowing authenticated users to change plugin options. Connected sources confirm this affects multiple YITH plugins (Order Tracking, Custom Thank You Page for Woo...
CVE-2019-16250
includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets CSS token sequence...
Design/Logic Flaw
includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets CSS token sequence...
CVE-2019-16250
includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets CSS token sequence...
CVE-2019-16250
CVE-2019-16250 affects the WordPress plugin Ocean Extra (
CVE-2019-15895
search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes...
CVE-2019-15895
The vulnerability CVE-2019-15895 affects the WordPress Search Exclude plugin prior to version 1.2.4, due to an access control error that allows unauthenticated changes to plugin options. This enables an attacker to perform arbitrary settings changes without authentication, exposing the plugin’s c...