9 matches found
CVE-2019-15896
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The uploadimport function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation administrator account creation, website redirection...
CVE-2019-17232
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...
CVE-2019-17232
CVE-2019-17232 affects the WordPress plugin Ultimate FAQs up to version 1.8.24. The vulnerability occurs in Functions/EWD_UFAQ_Import.php, allowing unauthenticated users to import options (and, per related sources, potentially export/import configurations) without authentication. This can enable ...
Ultimate FAQ < 1.8.25 - Unauthenticated Options Import/Export
The Ultimate FAQ – WordPress Q Plugin WordPress plugin was affected by an Unauthenticated Options Import/Export security vulnerability...
CVE-2019-15896
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The uploadimport function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation administrator account creation, website redirection...
CVE-2019-15896
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The uploadimport function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation administrator account creation, website redirection...
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Unauthenticated Options Import, which could lead to - Website Redirection - Administrator Account Creation - Content Injection - Stored XSS The issues have been reported as fixed in 3.35.0. However v3.35.1 added additional input sanitisation and filtering...
CVE-2019-15858
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...
CVE-2019-15858
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...