ND Booking < 2.5 - Unauthenticated Options Change
The Hotel Booking WordPress plugin ND Booking 2.5 was affected by an Unauthenticated Options Change security vulnerability. id: CVE-2019-15774 info: name: ND Booking 2.5 - Unauthenticated Options Change author: popcorn94 severity: medium description: | The Hotel Booking WordPress plugin ND Bookin...
GO-2026-4964 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
PT-2026-42368
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
EUVD-2026-25142
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution...
EUVD-2019-7056
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-40627
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack...
CVE-2019-15896
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The uploadimport function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation administrator account creation, website redirection...
CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
WordPress Media Manager for UserPro plugin <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update vulnerability
Missing Authorization to Unauthenticated Arbitrary Options Update vulnerability discovered by Lucio Sá in WordPress Plugin Media Manager for UserPro versions = 3.11.0...
CVE-2021-36913 Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension plugin AccessiBe...
CVE-2021-36913
The CVE-2021-36913 issue affects the WordPress plugin Redirection for Contact Form 7 (WPCF7-Redirect) up to version 2.4.0. The vulnerability allows unauthenticated attackers to change plugin options and inject scripts into the footer HTML when the AccessiBe extension is present. This is triggered...
WordPress plugin Shortcode Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
VulnCheck KEV: CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
CVE-2019-17230
The CVE-2019-17230 vulnerability affects WordPress users of the OneTone theme up to version 3.0.6, where the file includes/theme-functions.php allows unauthenticated changes to theme options. This can enable unauthenticated attackers to modify site options (e.g., content or behavior) and is class...
CVE-2019-17228
The CVE-2019-17228 entry concerns the Motors Car Dealer & Classified Ads WordPress plugin (through version 1.4.0). The connected Nuclei template confirms an unauthenticated settings import/export flaw in includes/options.php that allows unauthenticated changes to plugin options, enabling configur...
CVE-2019-17232
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...
CVE-2019-17232
CVE-2019-17232 affects the WordPress plugin Ultimate FAQs up to version 1.8.24. The vulnerability occurs in Functions/EWD_UFAQ_Import.php, allowing unauthenticated users to import options (and, per related sources, potentially export/import configurations) without authentication. This can enable ...
WordPress DELUCKS SEO plugin <= 2.1.7 - Unauthenticated Options Update vulnerability
Unauthenticated Options Update vulnerability found in WordPress DELUCKS SEO plugin versions <= 2.1.7. Solution: This plugin has been closed as of September 22, 2019 and is not available for download. This closure is temporary, pending a full review...
Ultimate FAQ < 1.8.25 - Unauthenticated Options Import/Export
The Ultimate FAQ – WordPress Q Plugin WordPress plugin was affected by an Unauthenticated Options Import/Export security vulnerability...