14 matches found
EUVD-2022-40663
Malicious code in bioql PyPI...
CVE-2022-4555
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...
WordPress WP Shamsi Plugin <= 4.3.3 is vulnerable to Arbitrary File Deletion
Software WP Shamsi Type Plugin Vulnerable versions = 4.3.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0335 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 28e13116883e Credits Lana Codes Required privilege...
CVE-2023-0335
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...
Improper access control
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...
CVE-2023-0335
The CVE-2023-0335 entry concerns the WP Shamsi WordPress plugin (versions up to 4.3.3). The connected sources confirm CSRF and broken access control vulnerabilities that allow a user with as little as Subscriber privileges to delete attachments. The underlying issue is a lack of CSRF validation a...
WordPress plugin WP Shamsi 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-4555
The CVE-2022-4555 issue affects the WP Shamsi WordPress plugin (
CVE-2022-38058
Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...
CVE-2022-38058
Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...
CVE-2022-38058
WP Shamsi plugin for WordPress is affected up to version 4.1.1 by an authenticated settings-change vulnerability. The root cause is missing authorization checks on plugin settings changes, allowing a subscriber+ to modify settings. Remediation: update to a version greater than 4.1.1 (Patch guidan...
CVE-2022-38058 WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability
Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...
PT-2022-24177 · WordPress · Wp Shamsi
Name of the Vulnerable Software and Affected Versions: WP Shamsi plugin versions = 4.1.1 Description: The issue is related to an authenticated plugin setting change vulnerability. This means that an attacker with subscriber or higher privileges can change plugin settings. The estimated number of...
WP Shamsi < 4.2.0 - Subscriber+ Settings Update
The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...