Wholesale Suite < 2.1.5.1 - Subscriber+ Missing Authorization for Plugin Settings Change
The plugin does not adequately authorize settings changes, allowing users with a role as low as Subscriber to update plugin settings...
Tapfiliate < 3.0.13 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
PT-2023-14057 · WordPress · Link Library
Name of the Vulnerable Software and Affected Versions: Link Library WordPress plugin versions prior to 7.4.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...
CVE-2023-0086
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forge...
VulnCheck KEV: CVE-2022-3805
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...
PT-2022-24381 · WordPress · Kwayy Html Sitemap
Name of the Vulnerable Software and Affected Versions: Kwayy HTML Sitemap WordPress plugin versions prior to 4.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example,...
PT-2022-25372 · WordPress · The Paytium: Mollie Payment Forms & Donations
Name of the Vulnerable Software and Affected Versions: The Paytium: Mollie payment forms & donations WordPress plugin versions prior to 4.3.7 Description: The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admin...
CVE-2022-3805
Summary: CVE-2022-3805 affects the Jeg Elementor Kit plugin for WordPress (versions up to and including 2.5.6). The vulnerability is an authorization bypass in functions that update plugin settings, allowing unauthenticated users to update the MailChimp API key, global styles, 404 page settings, ...
WordPress plugin Jeg Elementor Kit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Click the 'Settings' button of this plugin. 2...
Cross-site request forgery (CSRF)
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
Code injection
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress...
CVE-2022-41135
The CVE concerns the WordPress Modula image gallery plugin. Affected versions are Modula (WordPress) up to 2.6.9 (and related entries reference 2.6.91/2.6.10 as fixed/versioning in separate sources). The vulnerability is unauthenticated (no credentials required) and allows modification of plugin ...
CVE-2022-41132
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress...
CVE-2022-41132
The CVE-2022-41132 entry relates to the WordPress Ezoic plugin, vulnerable in versions
WordPress plugin WPML Multilingual CMS premium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control error...