Wordpress plugin Controlled Admin Access 访问控制错误漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in multiple Wordpress plugins that allows an attacker to use this endpoint to add arbitrary data to predefined options in the wpoptions table. The following products and versions are affected: The...

WordPress Thrive Quiz Builder premium plugin <= 2.3.9.3 - Unauthenticated Option Update vulnerability

Unauthenticated Option Update vulnerability discovered by WordFence in WordPress Thrive Quiz Builder premium plugin versions = 2.3.9.3. Solution Update the WordPress Thrive Quiz Builder premium plugin to the latest available version at least 2.3.9.4...

VulnCheck KEV: CVE-2021-24182

The tutorquizbuildergetanswersbyquestion AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

CVE-2019-9567

CVE-2019-9567 describes an XSS vulnerability in the WordPress Forminator Contact Form, Poll & Quiz Builder plugin prior to v1.6, caused by improper handling/encoding of a custom poll input field. Public records (NVD entry) state an XSS in the poll input field; some sources discuss persistent XSS ...

CVE-2019-9568

The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry parameter if the attacker has the delete permission...