CVE-2022-4938

The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying...

AWeber < 7.3.10 - Missing Authorization via AJAX actions

Description The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked by AJAX actions in all versio...