206 matches found
CVE-2023-5611
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them...
CVE-2021-25092
The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack...
CVE-2019-25143
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdprcookiecomplianceresetsettings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings...
CVE-2019-25139
The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the /functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin...
CVE-2019-14786
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...
CVE-2024-10634
The CVE-2024-10634 entry concerns the Nokaut Offers Box WordPress plugin (versions ≤ 1.4.0). Affected component: plugin settings update logic lacking CSRF protection, enabling a CSRF attack that could cause a logged-in administrator to reset the plugin. Exploitation details are not provided beyon...
CVE-2024-13580
The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-13580 XV Random Quotes <= 1.40 - Settings Reset via CSRF
The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-13580 XV Random Quotes <= 1.40 - Settings Reset via CSRF
The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-13580
The CVE-2024-13580 vulnerability affects the XV Random Quotes WordPress plugin (
CVE-2024-13686
The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-13686
The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-13686 VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-13686 VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress VW Storefront theme <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Peter Thaleikis in WordPress Theme VW Storefront versions = 0.9.9...
WordPress Raptive Ads plugin <= 3.6.3 - Missing Authorization to Unauthenticated Data/Settings Reset vulnerability
Missing Authorization to Unauthenticated Data/Settings Reset vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Raptive Ads versions = 3.6.3...
CVE-2025-0796
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...
WordPress Mortgage Lead Capture System plugin <= 8.2.11 - Cross-Site Request Forgery to Settings Reset vulnerability
Cross-Site Request Forgery to Settings Reset vulnerability discovered by Dhabaleshwar Das in WordPress Plugin Mortgage Lead Capture System versions = 8.2.11...
CVE-2024-12164
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...
CVE-2024-12164 WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...