Lucene search
+L

3899 matches found

OSV
OSV
added 2023/05/20 3:15 a.m.6 views

CVE-2023-2716

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...

5.4CVSS7.3AI score0.00467EPSS
Exploits0References3
OSV
OSV
added 2023/05/18 3:15 a.m.4 views

CVE-2023-2757

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This...

5.4CVSS6AI score0.00454EPSS
Exploits0References3
OSV
OSV
added 2023/05/15 1:15 p.m.3 views

CVE-2023-2179

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making...

6.5CVSS7AI score0.00337EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/05/02 7:4 a.m.8 views

CVE-2023-1861 Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks...

5.2AI score0.28799EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/16 8:42 a.m.11 views

CVE-2022-45849 WordPress Activello Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Silkalns Activello theme = 1.4.4 versions...

5.4CVSS6AI score0.00471EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/04/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-1931

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/04/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/04/06 9:15 p.m.3 views

CVE-2023-1929

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpurgecachevarnishcallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to pur...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References4
OSV
OSV
added 2023/04/06 9:15 p.m.6 views

CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to dele...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/06 9:15 p.m.2 views

CVE-2023-1928

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiat...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/04/06 9:15 p.m.6 views

CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to dele...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/04/06 9:15 p.m.4 views

CVE-2023-1931

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References4
OSV
OSV
added 2023/04/06 9:15 p.m.5 views

CVE-2023-1929

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpurgecachevarnishcallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to pur...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References2
OSV
OSV
added 2023/04/06 9:15 p.m.4 views

CVE-2023-1931

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References2
OSV
OSV
added 2023/04/06 9:15 p.m.11 views

CVE-2023-1928

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiat...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References2
Prion
Prion
added 2023/04/06 9:15 p.m.16 views

Design/Logic Flaw

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to dele...

4CVSS4.3AI score0.00389EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.6 views

PT-2023-17350 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to unauthorized data deletion due to a missing capability check on the wpfc clear cache of allsites callback function. This allows...

4.3CVSS5.1AI score0.00389EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.8 views

PT-2023-17351 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function. This allows authenticated...

4.3CVSS5.2AI score0.00389EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.7 views

CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...

6.7AI score0.01003EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.10 views

CVE-2023-0441 Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enab...

8AI score0.00731EPSS
Exploits2References1
Rows per page
Query Builder