6360 matches found
WordPress WPTools Masonry Gallery & Posts For Divi plugin < 3.1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WPTools Masonry Gallery & Posts For Divi plugin versions 3.1.2. Solution Update the WordPress WPTools Masonry Gallery & Posts For Divi plugin to the latest available version at least 3.1.2...
WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin < 3.3.33 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin versions 3.3.33. Solution Update the WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin to...
WordPress WordPress Editable Posts Table for the Frontend plugin < 2.4.15 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress Editable Posts Table for the Frontend plugin versions 2.4.15. Solution Update the WordPress WordPress Editable Posts Table for the Frontend plugin to the latest available version at least...
WordPress WordPress Editable Posts Table for the Frontend plugin < 2.4.15 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Editable Posts Table for the Frontend plugin versions 2.4.15. Solution Update the WordPress WordPress Editable Posts Table for the Frontend plugin to the latest available version at least 2.4.15...
WordPress Content Slider for WP Posts (Section Slider) plugin <= 0.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Content Slider for WP Posts Section Slider plugin versions = 0.0.0. Solution No patched version available...
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin < 2.1.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin versions 2.1.7. Solution Update the WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin t...
The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.
The vulnerability of the editposts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely using metashells...
The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.
The vulnerability of the editposts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code using Götterhuber blocks...
CVE-2022-24664
PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...
PHP Everywhere < 3.0.0 - Contributor+ RCE via Gutenberg Block
The plugin allows any users with a role as low as contributor to execute PHP via the Gutenberg Block of the plugin in posts...
PHP Everywhere < 3.0.0 - Contributor+ RCE via Metabox
The plugin allows any users with a role as low as contributor to execute PHP via the Metabox of the plugin in posts...
CVE-2021-25072
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack...
CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...
CVE-2021-24775
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...
CVE-2021-24775
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...
CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...
Design/Logic Flaw
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...
CVE-2021-24868 Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...
WordPress 安全漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...
CVE-2021-46458
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...