Lucene search
+L

206 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.7 views

CVE-2023-5611

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them...

5.3CVSS7AI score0.00268EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:25 p.m.5 views

CVE-2021-25092

The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack...

6.5CVSS6.8AI score0.0048EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 a.m.8 views

CVE-2019-25143

The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdprcookiecomplianceresetsettings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings...

5.4CVSS6.6AI score0.00705EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 a.m.6 views

CVE-2019-25139

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the /functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin...

6.5CVSS6.9AI score0.00814EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:32 a.m.9 views

CVE-2019-14786

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...

6.5CVSS6.9AI score0.01381EPSS
Exploits2References1
CVE
CVE
added 2025/05/15 8:6 p.m.27 views

CVE-2024-10634

The CVE-2024-10634 entry concerns the Nokaut Offers Box WordPress plugin (versions ≤ 1.4.0). Affected component: plugin settings update logic lacking CSRF protection, enabling a CSRF attack that could cause a logged-in administrator to reset the plugin. Exploitation details are not provided beyon...

4.3CVSS6.4AI score0.00161EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/15 4:45 a.m.21 views

CVE-2024-13580

The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

4.3CVSS6.7AI score0.00157EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/11 6:0 a.m.8 views

CVE-2024-13580 XV Random Quotes <= 1.40 - Settings Reset via CSRF

The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

4.5AI score0.00157EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/11 6:0 a.m.15 views

CVE-2024-13580 XV Random Quotes <= 1.40 - Settings Reset via CSRF

The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

0.00157EPSS
Exploits1References1
CVE
CVE
added 2025/03/11 6:0 a.m.64 views

CVE-2024-13580

The CVE-2024-13580 vulnerability affects the XV Random Quotes WordPress plugin (

4.3CVSS7AI score0.00157EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/06 3:48 a.m.27 views

CVE-2024-13686

The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS6.7AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 4:15 a.m.30 views

CVE-2024-13686

The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/04 3:37 a.m.10 views

CVE-2024-13686 VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS4.4AI score0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/04 3:37 a.m.29 views

CVE-2024-13686 VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00269EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/03 11:32 p.m.7 views

WordPress VW Storefront theme <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Peter Thaleikis in WordPress Theme VW Storefront versions = 0.9.9...

4.3CVSS7AI score0.00269EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/18 11:38 p.m.3 views

WordPress Raptive Ads plugin <= 3.6.3 - Missing Authorization to Unauthenticated Data/Settings Reset vulnerability

Missing Authorization to Unauthenticated Data/Settings Reset vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Raptive Ads versions = 3.6.3...

5.3CVSS7AI score0.00449EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/18 5:15 a.m.5 views

CVE-2025-0796

The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...

4.3CVSS7.2AI score0.00192EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/17 9:51 p.m.10 views

WordPress Mortgage Lead Capture System plugin <= 8.2.11 - Cross-Site Request Forgery to Settings Reset vulnerability

Cross-Site Request Forgery to Settings Reset vulnerability discovered by Dhabaleshwar Das in WordPress Plugin Mortgage Lead Capture System versions = 8.2.11...

4.3CVSS7AI score0.00192EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/02/12 5:15 a.m.11 views

CVE-2024-12164

The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...

4.3CVSS0.00406EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/12 4:22 a.m.4 views

CVE-2024-12164 WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...

4.3CVSS4.3AI score0.00406EPSS
Exploits0References4
Rows per page
Query Builder