21 matches found

CNNVD
added 2026/03/31 12:0 a.m. | 2 views

WordPress plugin WooPayments: Integrated WooCommerce Payments authorization issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 6.5 | AI score 5.8 | EPSS 0.00083
Exploits 0 | References 4

CNNVD
added 2026/03/06 12:0 a.m. | 2 views

WordPress plugin PowerPack for LearnDash security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 9.8 | AI score 7.4 | EPSS 0.00147
Exploits 0 | References 2

RedhatCVE
added 2026/01/25 9:16 a.m. | 2 views

CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

CVSS 4.3 | AI score 5.5 | EPSS 0.00009
Exploits 0 | References 1

NVD
added 2025/11/04 5:16 a.m. | 3 views

CVE-2025-12389

The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesetting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access a...

CVSS 4.3 | EPSS 0.00038
Exploits 0 | References 2

Positive Technologies
added 2025/11/04 12:0 a.m. | 2 views

PT-2025-44947

The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp ajax nopriv dominokit option admin action AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...

CVSS 5.3 | AI score 5.4 | EPSS 0.00153
Exploits 0 | References 3

RedhatCVE
added 2025/05/23 7:51 a.m. | 4 views

CVE-2024-11341

The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to update the plugin's setting...

CVSS 4.3 | AI score 6.4 | EPSS 0.00115
Exploits 0 | References 1

CVE
added 2025/05/15 8:9 p.m. | 21 views

CVE-2023-7297

The CVE-2023-7297 entry concerns the TwitterPosts WordPress plugin (versions up to 1.0.2). The connected documents confirm a vulnerability where there is no CSRF protection when updating plugin settings, enabling a logged-in administrator to change settings via CSRF. This is documented across mul...

CVSS 3.5 | AI score 6.8 | EPSS 0.00087
Exploits 1 | References 1 | Affected Software 1

OSV
added 2024/10/12 6:15 a.m. | 0 views

CVE-2024-9778

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVSS 4.3 | AI score 5.7 | EPSS 0.00102
Exploits 0 | References 7

NVD
added 2024/05/23 6:15 a.m. | 10 views

CVE-2024-3711

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions actionrequestdisable, actionchangetemplate, and actionrequestenable in all versions up to, and including, 2.4.43. This makes it possible for...

CVSS 4.3 | AI score 4.7 | EPSS 0.00273
Exploits 0 | References 3

OSV
added 2022/08/22 3:15 p.m. | 0 views

CVE-2022-2375

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1

ATTACKERKB
added 2022/08/22 3:15 p.m. | 1 views

CVE-2022-2375

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

CVSS 5.4 | AI score 5.9 | EPSS 0.00149
Exploits 2 | References 2

OSV
added 2022/06/27 9:15 a.m. | 0 views

CVE-2022-1845

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks...

CVSS 4.3 | AI score 5.8
Exploits 0 | References 1

NVD
added 2021/11/01 9:15 p.m. | 17 views

CVE-2021-39341

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can be used to inject malicious web scripts on sites with...

CVSS 8.2 | EPSS 0.44317
Exploits 1 | References 3

Prion
added 2021/11/01 9:15 p.m. | 19 views

Authorization

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can be used to inject malicious web scripts on sites with...

CVSS 6.4 | AI score 7.6 | EPSS 0.44317
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2021/11/01 9:1 p.m. | 20 views

CVE-2021-39341 OptinMonster <= 2.6.4 Unprotected REST-API Endpoints

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can be used to inject malicious web scripts on sites with...

CVSS 8.2 | AI score 7.9 | EPSS 0.44317
Exploits 1 | References 3

CVE
added 2021/11/01 9:1 p.m. | 88 views

CVE-2021-39341

The CVE-2021-39341 issue affects the OptinMonster WordPress plugin (versions up to 2.6.4) due to insufficient authorization validation in the REST API implemented in OMAPI/RestApi.php, leading to sensitive information disclosure and unauthorized setting updates via unprotected REST-API endpoints....

CVSS 8.2 | AI score 7.8 | EPSS 0.44317
Exploits 1 | References 3 | Affected Software 1

VulnCheck KEV
added 2021/10/27 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2021-39341

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can be used to inject malicious web scripts on...

CVSS 8.2 | AI score 7.2 | EPSS 0.44317
Exploits 1 | References 1

Prion
added 2021/09/27 3:15 p.m. | 22 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin versions = 2.0.5 makes it possible for attackers to update settings...

CVSS 4.3 | AI score 4.7 | EPSS 0.00103
Exploits 1 | References 2 | Affected Software 1

OSV
added 2019/09/03 1:15 p.m. | 3 views

CVE-2019-15871

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...

CVSS 4.3 | AI score 6.1
Exploits 0 | References 2

Patchstack
added 2019/07/10 12:0 a.m. | 7 views

WordPress Slimstat Analytics plugin <= 4.8.3 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) + Setting Updates vulnerabilities

Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) + Setting Updates vulnerabilities found in WordPress Slimstat Analytics plugin versions <= 4.8.3. Solution: Update the WordPress Slimstat Analytics plugin to the latest available version (at least 4.8.4)...

AI score 2.6
Exploits 0 | References 1 | Affected Software 1