138 matches found
WordPress Stylish Price List plugin access control error vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The WordPress Stylish Price List plugin is vulnerable to an access control error in versions prior to 6.9.0, which stems from the plugin's lack of user identity checking in its spluploadserimg AJAX...
CVE-2021-24770
The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...
CVE-2021-24770
The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...
CVE-2021-24757
The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...
CVE-2021-24757
The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...
Design/Logic Flaw
The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...
Command injection
The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...
CVE-2021-24770
The CVE-2021-24770 item relates to the WordPress plugin Stylish Price List (versions before 6.9.1). Affected component: spl_upload_ser_img AJAX action. Root cause: lack of capability checks for authenticated users, enabling any authenticated user (e.g., subscribers) to upload arbitrary images. Im...
CVE-2021-24770 Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload
The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...
CVE-2021-24757
CVE-2021-24757 affects the WordPress plugin Stylish Price List (versions prior to 6.9.0). The root cause is missing capability checks in the spl_upload_ser_img AJAX action, making image uploads possible by unauthenticated users. This could lead to arbitrary image upload and potential misuse on af...
CVE-2021-24757 Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...
WordPress Stylish Cost Calculator plugin <= 7.03 - Unauthorized AJAX Calls vulnerability leading to Stored Cross-Site Scripting (XSS)
Unauthorized AJAX Calls vulnerability leading to Stored Cross-Site Scripting XSS discovered by apple502j in WordPress Stylish Cost Calculator plugin versions = 7.03. Solution Update the WordPress Stylish Cost Calculator plugin to the latest available version at least 7.04...
WordPress 访问控制错误漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress Plugins, which stems from The Stylish Pric...
WordPress 访问控制错误漏洞
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The WordPress Stylish Price List plugin is vulnerable to an access control error in versions prior to 6.9.0, which stems from the plugin's lack of user identity checking in its spluploadserimg AJAX...
Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS
The plugin does not have any authorisation and CSRF checks on some of its AJAX actions available to authenticated users, which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users d...
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
The plugin does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook, however, no capability and CSRF checks were implemented,...
Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload
The plugin does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...
WordPress Stylish Price List plugin <= 6.8.14 - Unauthenticated Arbitrary Image Upload vulnerability
Unauthenticated Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions = 6.8.14. Solution Update the WordPress Stylish Price List plugin to the latest available version at least 6.9.0...
WordPress Stylish Price List plugin <= 6.9.0 - Arbitrary Image Upload vulnerability
Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions = 6.9.0. Solution Update the WordPress Stylish Price List plugin to the latest available version at least 6.9.1...
[SECURITY] Fedora 29 Update: wingpanel-2.2.3-2.fc29
Stylish top panel that holds indicators and spawns an application launcher...