4 matches found
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...
CVE-2025-31406 WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a through = 2.3.9...
CVE-2022-45278
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/getfields.html component...
CVE-2022-3852
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...