Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.14 views

CVE-2019-15896

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The uploadimport function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation administrator account creation, website redirection...

9.8CVSS7AI score0.07453EPSS
Exploits1References1
OSV
OSV
added 2019/10/07 11:15 p.m.4 views

CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

7.5CVSS5.8AI score0.03518EPSS
Exploits1References3
CVE
CVE
added 2019/10/07 10:11 p.m.222 views

CVE-2019-17232

CVE-2019-17232 affects the WordPress plugin Ultimate FAQs up to version 1.8.24. The vulnerability occurs in Functions/EWD_UFAQ_Import.php, allowing unauthenticated users to import options (and, per related sources, potentially export/import configurations) without authentication. This can enable ...

7.5CVSS8.1AI score0.03518EPSS
In wildExploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/20 12:0 a.m.29 views

Ultimate FAQ < 1.8.25 - Unauthenticated Options Import/Export

The Ultimate FAQ – WordPress Q Plugin WordPress plugin was affected by an Unauthenticated Options Import/Export security vulnerability...

5CVSS2.6AI score0.03518EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2019/09/10 4:15 p.m.15 views

CVE-2019-15896

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The uploadimport function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation administrator account creation, website redirection...

9.8CVSS7AI score
Exploits0References3
Cvelist
Cvelist
added 2019/09/10 3:28 p.m.23 views

CVE-2019-15896

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The uploadimport function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation administrator account creation, website redirection...

9.7AI score0.07453EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2019/09/09 12:0 a.m.23 views

LifterLMS <= 3.34.5 - Unauthenticated Options Import

Unauthenticated Options Import, which could lead to - Website Redirection - Administrator Account Creation - Content Injection - Stored XSS The issues have been reported as fixed in 3.35.0. However v3.35.1 added additional input sanitisation and filtering...

7.5CVSS1.5AI score0.07453EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/09/03 7:15 a.m.31 views

CVE-2019-15858

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...

8.8CVSS8.8AI score0.20813EPSS
Exploits2References2
Cvelist
Cvelist
added 2019/09/03 6:14 a.m.31 views

CVE-2019-15858

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...

8.9AI score0.20813EPSS
Exploits2References2
Rows per page
Query Builder