Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-40663

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00517EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:18 a.m.12 views

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...

6.5CVSS7AI score0.00665EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/03/28 12:0 a.m.14 views

WordPress WP Shamsi Plugin <= 4.3.3 is vulnerable to Arbitrary File Deletion

Software WP Shamsi Type Plugin Vulnerable versions = 4.3.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0335 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 28e13116883e Credits Lana Codes Required privilege...

6.5CVSS6.8AI score0.01003EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2023/03/27 4:15 p.m.25 views

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...

6.5CVSS6.7AI score0.01003EPSS
Exploits2References1
Prion
Prion
added 2023/03/27 4:15 p.m.26 views

Improper access control

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...

4CVSS6.7AI score0.01003EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/03/27 3:37 p.m.53 views

CVE-2023-0335

The CVE-2023-0335 entry concerns the WP Shamsi WordPress plugin (versions up to 4.3.3). The connected sources confirm CSRF and broken access control vulnerabilities that allow a user with as little as Subscriber privileges to delete attachments. The underlying issue is a lack of CSRF validation a...

6.5CVSS6.7AI score0.01003EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.6 views

WordPress plugin WP Shamsi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.5CVSS6.9AI score0.01003EPSS
Exploits2References2
CVE
CVE
added 2022/12/16 1:54 p.m.51 views

CVE-2022-4555

The CVE-2022-4555 issue affects the WP Shamsi WordPress plugin (

6.5CVSS5.3AI score0.00665EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/09/09 3:15 p.m.11 views

CVE-2022-38058

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...

4.3CVSS0.00517EPSS
Exploits0References2
OSV
OSV
added 2022/09/09 3:15 p.m.5 views

CVE-2022-38058

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...

4.3CVSS5.8AI score0.00517EPSS
Exploits0References2
CVE
CVE
added 2022/09/09 2:39 p.m.74 views

CVE-2022-38058

WP Shamsi plugin for WordPress is affected up to version 4.1.1 by an authenticated settings-change vulnerability. The root cause is missing authorization checks on plugin settings changes, allowing a subscriber+ to modify settings. Remediation: update to a version greater than 4.1.1 (Patch guidan...

4.3CVSS4.6AI score0.00517EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/09 2:39 p.m.7 views

CVE-2022-38058 WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...

4.3CVSS4.6AI score0.00517EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.4 views

PT-2022-24177 · WordPress · Wp Shamsi

Name of the Vulnerable Software and Affected Versions: WP Shamsi plugin versions = 4.1.1 Description: The issue is related to an authenticated plugin setting change vulnerability. This means that an attacker with subscriber or higher privileges can change plugin settings. The estimated number of...

4.3CVSS4.4AI score0.00517EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.16 views

WP Shamsi < 4.2.0 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

4.3CVSS3.5AI score0.00517EPSS
Exploits0Affected Software1
Rows per page
Query Builder