849 matches found
Authorization
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...
CVE-2022-3805
Summary: CVE-2022-3805 affects the Jeg Elementor Kit plugin for WordPress (versions up to and including 2.5.6). The vulnerability is an authorization bypass in functions that update plugin settings, allowing unauthenticated users to update the MailChimp API key, global styles, 404 page settings, ...
WordPress plugin Jeg Elementor Kit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Click the 'Settings' button of this plugin. 2...
Cross site request forgery (csrf)
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
Code injection
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress...
CVE-2022-41135
The CVE concerns the WordPress Modula image gallery plugin. Affected versions are Modula (WordPress) up to 2.6.9 (and related entries reference 2.6.91/2.6.10 as fixed/versioning in separate sources). The vulnerability is unauthenticated (no credentials required) and allows modification of plugin ...
CVE-2022-41132
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress...
Cross site scripting
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress...
CVE-2022-41132
The CVE-2022-41132 entry relates to the WordPress Ezoic plugin, vulnerable in versions
WordPress plugin WPML Multilingual CMS premium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control error...
CVE-2022-4021 Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extraactions function. This makes it possible for unauthenticated attackers to change plugin settings...
Image Hover Effects < 5.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Go to the plugin settings Image Hover Effects Ima...
WordPress plugin Follow Me Plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Follow Me Plugin 3.1.1 and...
WordPress plugin OAuth Client by DigitialPixies cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2022-43491
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import...
CVE-2022-40223
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change...
CVE-2022-32587
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change...
CVE-2022-27855
Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change...