Lucene search
K

4 matches found

Snyk
Snyk
added 2025/06/26 2:46 p.m.4 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...

6.8CVSS6.8AI score0.0019EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/31 8:34 a.m.16 views

CVE-2025-31406 WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a through = 2.3.9...

4.3CVSS0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.8 views

CVE-2022-45278

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/getfields.html component...

8.2AI score0.0072EPSS
Exploits1References1
OSV
OSV
added 2022/11/03 6:15 p.m.4 views

CVE-2022-3852

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...

6.5CVSS5.6AI score0.00454EPSS
Exploits0References3
Rows per page
Query Builder