Lucene search
K

48 matches found

Prion
Prion
added 2023/06/07 2:15 a.m.14 views

Authorization

The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...

7.5CVSS9.3AI score0.014EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/06/07 2:15 a.m.17 views

Authorization

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

6.5CVSS8.4AI score0.01186EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/06/07 2:15 a.m.17 views

Authorization

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::saveroleapi function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...

5CVSS5.2AI score0.01019EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/06/07 2:15 a.m.25 views

Authorization

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfmeditfiletitledesc AJ...

5CVSS5.5AI score0.00797EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.26 views

CVE-2021-4381 uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route

The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...

9.8CVSS9.6AI score0.014EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.10 views

CVE-2021-4381 uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route

The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...

9.8CVSS7.2AI score0.014EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.10 views

CVE-2021-4371 WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...

4.3CVSS5.9AI score0.00663EPSS
Exploits1References3
CVE
CVE
added 2023/06/07 1:51 a.m.38 views

CVE-2021-4371

The CVE-2021-4371 entry concerns the WP Quick FrontEnd Editor WordPress plugin, affected through version 5.5. The underlying issue is a missing security nonce and missing capabilities check, enabling low-authenticated attackers to change plugin settings they should not be able to modify. This vul...

4.3CVSS4.5AI score0.00663EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.16 views

CVE-2021-4368 Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload

The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...

9.9CVSS7.8AI score0.01853EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.23 views

CVE-2021-4368 Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload

The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...

9.9CVSS9.8AI score0.01853EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.10 views

CVE-2021-4359 Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...

6.5CVSS6.1AI score0.00877EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.20 views

CVE-2021-4357 uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::saveroleapi function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...

9.1CVSS6AI score0.01019EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.31 views

CVE-2021-4357 uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::saveroleapi function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...

9.1CVSS9.3AI score0.01019EPSS
Exploits1References4
CVE
CVE
added 2023/06/07 1:51 a.m.51 views

CVE-2021-4357

Summary : The WordPress uListing plugin is vulnerable to an authorization bypass in the function UlistingUserRole::save_role_api up to and including version 1.6.6 . The root cause is missing capability checks and a missing security nonce, which could allow unauthenticated attackers to arbitrarily...

9.1CVSS5.2AI score0.01019EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.27 views

CVE-2020-36700 Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

8.8CVSS8.5AI score0.01186EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.14 views

CVE-2020-36700 Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

8.8CVSS7.4AI score0.01186EPSS
Exploits1References4
CVE
CVE
added 2023/06/07 1:51 a.m.52 views

CVE-2020-36700

The CVE-2020-36700 entry concerns the WordPress Page Builder: KingComposer plugin. Affected component: KingComposer Page Builder for WordPress (versions up to and including 2.9.3). Root cause: an authorization bypass due to a security nonce being leaked on /wp-admin/index.php. Impact: authenticat...

8.8CVSS8.3AI score0.01186EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.32 views

CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

9.8CVSS9.6AI score0.01134EPSS
Exploits1References2
CVE
CVE
added 2023/06/07 1:51 a.m.49 views

CVE-2021-4341

Product: WordPress uListing plugin. Vulnerability: Authorization bypass via Ajax in the stm_update_email_data action due to missing capability checks, missing input validation, and a missing security nonce. Affects versions up to and including 1.6.6. Impact: Unauthenticated attackers can change a...

9.8CVSS9.2AI score0.01134EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.9 views

CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

9.8CVSS7.2AI score0.01134EPSS
Exploits1References2
Rows per page
Query Builder