CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-40663

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00293EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 12:18 a.m.•9 views

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...

6.5CVSS7AI score0.00733EPSS

Exploits0References1

Patchstack•added 2023/03/28 12:0 a.m.•12 views

WordPress WP Shamsi Plugin <= 4.3.3 is vulnerable to Arbitrary File Deletion

Software WP Shamsi Type Plugin Vulnerable versions = 4.3.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0335 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 28e13116883e Credits Lana Codes Required privilege...

6.5CVSS6.8AI score0.00132EPSS

Exploits2References3Affected Software1

OSV•added 2023/03/27 4:15 p.m.•0 views

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...

6.5CVSS6.9AI score0.00132EPSS

Exploits2References1

NVD•added 2023/03/27 4:15 p.m.•10 views

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...

6.5CVSS6.7AI score0.00132EPSS

Exploits2References1

Prion•added 2023/03/27 4:15 p.m.•20 views

Improper access control

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...

4CVSS6.7AI score0.00132EPSS

Exploits2References1Affected Software1

CVE•added 2023/03/27 3:37 p.m.•42 views

CVE-2023-0335

The CVE-2023-0335 entry concerns the WP Shamsi WordPress plugin (versions up to 4.3.3). The connected sources confirm CSRF and broken access control vulnerabilities that allow a user with as little as Subscriber privileges to delete attachments. The underlying issue is a lack of CSRF validation a...

6.5CVSS6.7AI score0.00132EPSS

Exploits2References1Affected Software1

CNNVD•added 2023/03/27 12:0 a.m.•1 views

WordPress plugin WP Shamsi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.5CVSS6.9AI score0.00132EPSS

Exploits2References2

Positive Technologies•added 2023/03/27 12:0 a.m.•2 views

PT-2023-16188 · WordPress · Wp Shamsi

Name of the Vulnerable Software and Affected Versions: WP Shamsi WordPress plugin versions 4.3.3 and earlier Description: The issue concerns CSRF and broken access control vulnerabilities. These vulnerabilities allow a user with a role as low as a subscriber to delete attachments. Recommendations...

6.5CVSS8.9AI score0.00132EPSS

Exploits2References5

wpexploit•added 2023/02/28 12:0 a.m.•154 views

WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. Exploit 1 attachment id delete: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded...

6.5CVSS7.2AI score0.00132EPSS

Exploits2

NVD•added 2022/12/16 2:15 p.m.•9 views

CVE-2022-4555

6.5CVSS0.00733EPSS

Exploits0References3

ATTACKERKB•added 2022/12/16 2:15 p.m.•0 views

CVE-2022-4555

6.5CVSS6.2AI score0.00733EPSS

Exploits0References3

Prion•added 2022/12/16 2:15 p.m.•15 views

Authorization

5CVSS5.4AI score0.00733EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/12/16 1:54 p.m.•14 views

CVE-2022-4555 WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation

6.5CVSS6.7AI score0.00733EPSS

Exploits0References2

CVE•added 2022/12/16 1:54 p.m.•42 views

CVE-2022-4555

The CVE-2022-4555 issue affects the WP Shamsi WordPress plugin (

6.5CVSS5.3AI score0.00733EPSS

Exploits0References3Affected Software1

CNNVD•added 2022/12/16 12:0 a.m.•2 views

WordPress plugin WP Shamsi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS5.9AI score0.00733EPSS

Exploits0References3

WPVulnDB•added 2022/11/28 12:0 a.m.•21 views

WP Shamsi < 4.1.1 - Unauthenticated Arbitrary Plugin Deactivation

The plugin does not have authorisation check when activating plugins via an action hooked to init, which could allow unauthenticated attackers to deactivate arbitrary plugins from the blog...

6.5CVSS5.1AI score0.00733EPSS

Exploits0Affected Software1

OSV•added 2022/09/09 3:15 p.m.•2 views

CVE-2022-38058

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...

4.3CVSS5.8AI score

Exploits0References2

NVD•added 2022/09/09 3:15 p.m.•8 views

CVE-2022-38058

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...

4.3CVSS0.00293EPSS

Exploits0References2