CVE-2023-1874

The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...

PT-2023-31969 · WordPress · The Ai Chatbot For Wordpress

Name of the Vulnerable Software and Affected Versions: The AI ChatBot for WordPress versions up to, and including, 4.8.9 The AI ChatBot for WordPress version 4.9.2 Description: The issue allows subscriber-level attackers to perform Directory Traversal, potentially leading to a Denial of Service D...

CVE-2023-3244

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restoresettings function called via an AJAX action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers with minimal...

CVE-2020-10195

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal...