3 matches found
CVE-2022-4555
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...
CVE-2022-38058
Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...
CVE-2022-38058
Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...