CVE-2023-5611 Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them...

Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import

Description The plugin does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them The issue was partially fixed in 2.20.29 only adding authorisation checks. CSRF checks were added in 2.20.32 PoC As an unauthenticated user,...

One Click SSL <= 1.4.6 - Multiple Issues

Lack of CSRF and authorisation checks in the settings page, as well as AJAX methods such as ajaxenablessl, ajaxscan and so on could allow unauthorised settings change as well as call of the AJAX methods by a low privileged user. Additionally, it could also allow arbitrary site options update due ...