5 matches found
Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change
The plugin does not have any authorisation in its tptranslation AJAX action, allowing unauthenticated users to call it...
WordPress JobSearch premium plugin <= 1.8.1 - Unauthenticated Settings Change vulnerability
Unauthenticated Settings Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress JobSearch premium plugin versions = 1.8.1. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.8.2...
CVE-2020-20627
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change...
CVE-2020-20627
The CVE-2020-20627 case concerns GiveWP for WordPress (up to version 2.5.9) where the file includes/gateways/stripe/includes/admin/admin-actions.php allows unauthenticated changes to plugin settings due to insecure access. This is evidenced by connected reports (Nuclei template) describing an una...
CVE-2018-11579
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wpajaxnopriv usage. Anyone can change the plugin's setting by simply sending a request with a...