37 matches found
WordPress Plugin Shortcode Addons 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Shortcode Addons versions = 3.2.5...
WordPress Shortcode Addons Plugin <= 3.2.5 is vulnerable to Arbitrary File Upload
Software Shortcode Addons Type Plugin Vulnerable versions = 3.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31114 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 25bf030daa64 Credits Peng Zhou Required privilege Administrator...
CVE-2022-33970
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress...
Code injection
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress...
CVE-2022-33970
CVE-2022-33970 affects the WordPress Shortcode Addons plugin (versions up to and including 3.1.2). The vulnerability allows authenticated users to change plugin options, indicating an issue in access control for option/configuration changes. The issue is confirmed across multiple sources (NVD/NIS...
CVE-2022-33970 WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress...
WordPress plugin Shortcode Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-34487
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...
CVE-2022-34487
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...
CVE-2022-34487 WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...
CVE-2022-34487
CVE-2022-34487 affects WordPress Shortcode Addons plugin versions ≤ 3.0.2. Nuclei template and related reports describe an unauthenticated arbitrary option update due to insufficient access controls, enabling attackers to modify plugin options without authentication. Impact is potential site defa...
WordPress plugin Shortcode Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2022-22178 · WordPress · Shortcode Addons
Name of the Vulnerable Software and Affected Versions: biplob018's Shortcode Addons plugin versions 3.0.2 and earlier Description: The issue is related to an Unauthenticated Arbitrary Option Update vulnerability. This allows for unauthorized modifications to options. Recommendations: For versions...
VulnCheck KEV: CVE-2022-34487
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...
WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability
Unauthenticated Arbitrary Option Update vulnerability discovered by m0ze Patchstack in WordPress Shortcode Addons plugin versions = 3.0.2. Solution Update the WordPress Shortcode Addons plugin to the latest available version at least 3.0.3...
Shortcode Addons < 3.1.0 - Unauthenticated Arbitrary Option Update
The plugin does not have any authorisation in its REST API endpoint, one of them could allow unauthenticated attackers to update arbitrary blog options. PoC POST /wp-json/ShortCodeAddonsUltimate/v2/addonssettings HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate...