Lucene search
+L

138 matches found

CNVD
CNVD
added 2021/11/04 12:0 a.m.18 views

WordPress Stylish Price List plugin access control error vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The WordPress Stylish Price List plugin is vulnerable to an access control error in versions prior to 6.9.0, which stems from the plugin's lack of user identity checking in its spluploadserimg AJAX...

5.3CVSS1.6AI score0.0102EPSS
Exploits2References1
NVD
NVD
added 2021/11/01 9:15 a.m.15 views

CVE-2021-24770

The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...

6.5CVSS0.00825EPSS
Exploits2References1
OSV
OSV
added 2021/11/01 9:15 a.m.7 views

CVE-2021-24770

The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...

6.5CVSS5.9AI score0.00825EPSS
Exploits2References1
OSV
OSV
added 2021/11/01 9:15 a.m.6 views

CVE-2021-24757

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...

5.3CVSS6.1AI score0.0102EPSS
Exploits2References1
NVD
NVD
added 2021/11/01 9:15 a.m.15 views

CVE-2021-24757

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...

5.3CVSS0.0102EPSS
Exploits2References1
Prion
Prion
added 2021/11/01 9:15 a.m.15 views

Design/Logic Flaw

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...

5CVSS5.3AI score0.0102EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2021/11/01 9:15 a.m.17 views

Command injection

The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...

4CVSS6.4AI score0.00825EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/11/01 8:46 a.m.54 views

CVE-2021-24770

The CVE-2021-24770 item relates to the WordPress plugin Stylish Price List (versions before 6.9.1). Affected component: spl_upload_ser_img AJAX action. Root cause: lack of capability checks for authenticated users, enabling any authenticated user (e.g., subscribers) to upload arbitrary images. Im...

6.5CVSS6.4AI score0.00825EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/01 8:46 a.m.17 views

CVE-2021-24770 Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload

The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...

6.6AI score0.00825EPSS
Exploits2References1
CVE
CVE
added 2021/11/01 8:46 a.m.52 views

CVE-2021-24757

CVE-2021-24757 affects the WordPress plugin Stylish Price List (versions prior to 6.9.0). The root cause is missing capability checks in the spl_upload_ser_img AJAX action, making image uploads possible by unauthenticated users. This could lead to arbitrary image upload and potential misuse on af...

5.3CVSS5.2AI score0.0102EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/01 8:46 a.m.18 views

CVE-2021-24757 Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...

5.6AI score0.0102EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/11/01 12:0 a.m.14 views

WordPress Stylish Cost Calculator plugin <= 7.03 - Unauthorized AJAX Calls vulnerability leading to Stored Cross-Site Scripting (XSS)

Unauthorized AJAX Calls vulnerability leading to Stored Cross-Site Scripting XSS discovered by apple502j in WordPress Stylish Cost Calculator plugin versions = 7.03. Solution Update the WordPress Stylish Cost Calculator plugin to the latest available version at least 7.04...

2.1AI score0.00307EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.7 views

WordPress 访问控制错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress Plugins, which stems from The Stylish Pric...

6.5CVSS6.7AI score0.00825EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.8 views

WordPress 访问控制错误漏洞

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The WordPress Stylish Price List plugin is vulnerable to an access control error in versions prior to 6.9.0, which stems from the plugin's lack of user identity checking in its spluploadserimg AJAX...

5.3CVSS5.7AI score0.0102EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/11/01 12:0 a.m.25 views

Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS

The plugin does not have any authorisation and CSRF checks on some of its AJAX actions available to authenticated users, which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users d...

5.4CVSS4.7AI score0.00307EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/29 12:0 a.m.18 views

Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload

The plugin does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook, however, no capability and CSRF checks were implemented,...

5.3CVSS1.6AI score0.0102EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.759 views

Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload

The plugin does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...

6.5CVSS0.8AI score0.00825EPSS
Exploits2
Patchstack
Patchstack
added 2021/09/29 12:0 a.m.13 views

WordPress Stylish Price List plugin <= 6.8.14 - Unauthenticated Arbitrary Image Upload vulnerability

Unauthenticated Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions = 6.8.14. Solution Update the WordPress Stylish Price List plugin to the latest available version at least 6.9.0...

3.3AI score0.0102EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/29 12:0 a.m.11 views

WordPress Stylish Price List plugin <= 6.9.0 - Arbitrary Image Upload vulnerability

Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions = 6.9.0. Solution Update the WordPress Stylish Price List plugin to the latest available version at least 6.9.1...

2.8AI score0.00825EPSS
Exploits2References3Affected Software1
Fedora
Fedora
added 2019/04/22 5:11 a.m.13 views

[SECURITY] Fedora 29 Update: wingpanel-2.2.3-2.fc29

Stylish top panel that holds indicators and spawns an application launcher...

2AI score
Exploits0
Rows per page
Query Builder