
849 matches found

Cvelist
added 2022/09/23 2:28 p.m., 27 views

CVE-2022-35238 WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Plugin Settings Change vulnerability

Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress...

CVSS 6.5, AI score 6.7, EPSS 0.00534
Exploits: 0, References: 2

CNNVD
added 2022/09/23 12:0 a.m., 3 views

WordPress plugin Seriously Simple Podcasting cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.4, AI score 5.2, EPSS 0.00301
Exploits: 0, References: 3

Cvelist
added 2022/09/21 7:0 p.m., 21 views

CVE-2022-40219 WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change...

CVSS 5.4, AI score 5.9, EPSS 0.00246
Exploits: 0, References: 2

Positive Technologies
added 2022/09/21 12:0 a.m., 3 views

PT-2022-25290 · Sedlex · Sedlex Favicon Switcher Plugin

Name of the Vulnerable Software and Affected Versions: SedLex FavIcon Switcher plugin versions 1.2.11 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which allows changes to plugin settings. This type of vulnerability enables an attacker to perfor...

CVSS 5.4, AI score 4.5, EPSS 0.00246
Exploits: 0, References: 5

ATTACKERKB
added 2022/09/19 2:15 p.m., 2 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

CVSS 8.8, AI score 7.3, EPSS 0.1027
Exploits: 5, References: 6

NVD
added 2022/09/09 3:15 p.m., 7 views

CVE-2022-36793

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress...

CVSS 9.1, EPSS 0.00701
Exploits: 0, References: 2

Positive Technologies
added 2022/09/09 12:0 a.m., 3 views

PT-2022-24177 · WordPress · Wp Shamsi

Name of the Vulnerable Software and Affected Versions: WP Shamsi plugin versions = 4.1.1 Description: The issue is related to an authenticated plugin setting change vulnerability. This means that an attacker with subscriber or higher privileges can change plugin settings. The estimated number of...

CVSS 4.3, AI score 4.4, EPSS 0.00503
Exploits: 0, References: 5

ATTACKERKB
added 2022/09/06 6:15 p.m., 1 views

CVE-2022-2515

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

CVSS 6.4, AI score 6.3, EPSS 0.00757
Exploits: 1, References: 5

NVD
added 2022/09/06 6:15 p.m., 13 views

CVE-2022-2540

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the adminpage function found in the /admin.php file. This makes it possible for unauthenticated...

CVSS 8.8, EPSS 0.00499
Exploits: 0, References: 3

Prion
added 2022/09/06 6:15 p.m., 16 views

Cross site request forgery (csrf)

The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockistsettingsmain function. This makes it possible for unauthenticated attackers to modify the plugin...

CVSS 5.8, AI score 5.8, EPSS 0.00408
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2022/09/01 12:0 a.m., 16 views

WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update

Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update discovered by Rasi Afeef (Patchstack Alliance) in WordPress Captcha Code plugin versions <= 2.7. Solution: Update the WordPress Captcha Code plugin to the latest available version (at least 2.8)...

CVSS 8.8, AI score 4, EPSS 0.00285
Exploits: 0, Affected Software: 1

Patchstack
added 2022/08/31 12:0 a.m., 19 views

WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities were discovered by ptsfence (Patchstack Alliance) in the WordPress WP Shop plugin versions <= 3.9.6. Solution: Deactivate and delete. No reply from the vendor...

CVSS 9.1, AI score 3.6, EPSS 0.00701
Exploits: 0, Affected Software: 1

Prion
added 2022/08/25 6:15 p.m., 10 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin = 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings...

CVSS 4.3, AI score 4.7, EPSS 0.0024
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2022/08/25 12:0 a.m., 23 views

WordPress About Rentals plugin <= 1.5 - Missing Access Control vulnerability

Missing Access Control vulnerability leading to Unauthenticated Stored XSS and plugin settings change discovered by ptsfence in WordPress About Rentals plugin versions <= 1.5. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This...

CVSS 9.8, AI score 2.5, EPSS 0.00659
Exploits: 0, Affected Software: 1

OSV
added 2022/08/23 4:15 p.m., 2 views

CVE-2022-35242

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 2

Prion
added 2022/08/23 4:15 p.m., 19 views

Code injection

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress...

CVSS 5, AI score 5.3, EPSS 0.00526
Exploits: 0, References: 2

Cvelist
added 2022/08/23 3:45 p.m., 27 views

CVE-2022-35242 WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress...

CVSS 6.5, AI score 6.7, EPSS 0.00526
Exploits: 0, References: 2

CVE
added 2022/08/23 3:45 p.m., 69 views

CVE-2022-35242

CVE-2022-35242 affects the WordPress plugin 59sec LITE (THE Leads Management System) version

CVSS 6.5, AI score 5.4, EPSS 0.00526
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/08/23 12:0 a.m., 3 views

WordPress plugin 59sec LITE security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5, AI score 5.7, EPSS 0.00526
Exploits: 0, References: 3

Positive Technologies
added 2022/08/23 12:0 a.m., 3 views

PT-2022-23318 · Akash Soni · As – Create Pinterest Pinboard Pages

Name of the Vulnerable Software and Affected Versions: Akash soni's AS – Create Pinterest Pinboard Pages plugin version 1.0 and earlier. Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This occurs when a subscriber or higher can change plugin...

CVSS 5.4, AI score 5.2, EPSS 0.00408
Exploits: 0, References: 5