CVE-2018-11579

class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wpajaxnopriv usage. Anyone can change the plugin's setting by simply sending a request with a...

CVE-2022-40218 WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4...

CVE-2022-40218 WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4...

WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities were discovered by ptsfence Patchstack Alliance in the WordPress WP Shop plugin versions = 3.9.6. Solution Deactivate and delete. No reply from the vendor...

WordPress XCloner plugin < 4.3.5 - Unauthenticated Plugin Settings Reset vulnerability

Unauthenticated Plugin Settings Reset vulnerability discovered by Krzysztof Zając in WordPress XCloner plugin versions 4.3.5. Solution Update the WordPress XCloner Backup, Restore and Migrate plugin to the latest available version at least 4.3.6...

Advanced AJAX Product Filters < 1.3.7 - Unauthenticated Plugin Settings Update

The Advanced AJAX Product Filters WordPress plugin was affected by an Unauthenticated Plugin Settings Update security vulnerability...