5 matches found
VulnCheck KEV: CVE-2022-34487
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...
CVE-2021-24219 All Thrive Themes and Plugins - Unauthenticated Option Update
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
WordPress Thrive Architect premium plugin <= 2.6.7.3 - Unauthenticated Option Update vulnerability
Unauthenticated Option Update vulnerability discovered by WordFence in WordPress Thrive Architect premium plugin versions = 2.6.7.3. Solution Update the WordPress Thrive Architect premium plugin to the latest available version at least 2.6.7.4...
Thrive Apprentice premium plugin <= 2.3.9.3 - Unauthenticated Option Update vulnerability
Unauthenticated Option Update vulnerability discovered by WordFence in Thrive Apprentice premium plugin versions = 2.3.9.3. Solution Update the Thrive Apprentice premium plugin to the latest available version at least 2.3.9.4...
All Thrive Themes and Plugins - Unauthenticated Option Update
The plugins and themes register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty apikey parameter in vulnerable versions if Zapier was not enabled. Attackers coul...