Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.12 views

Photos and Files Contest Gallery < 21.3.2.1 - Authenticated (Contributor+) SQL Injection

Description The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 21.3.2 due to insufficient escaping on the user supplied parameter and...

8.8CVSS7.1AI score0.00631EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Unique <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Unique theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS6AI score0.00408EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.21 views

Xserver Migrator < 1.6.2.1 - Arbitrary File Upload via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to upload arbitrary files granted they can trick a site administrator into performing an action such as...

9.6CVSS9.2AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

Realtyna Organic IDX plugin < 4.14.8 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

Democracy Poll <= 6.0.3 - Missing Authorization

Description The Democracy Poll plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.0.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...

5.3CVSS7AI score0.0036EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.13 views

Ultimate Under Construction < 1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Ultimate Under Construction plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.15 views

Sliding Widgets <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The Sliding Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.7AI score0.00361EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.13 views

Progressive WordPress (PWA) <= 2.1.13 - Missing Authorization

Description The Progressive WordPress PWA plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform ...

4.3CVSS6.5AI score0.00372EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Title Modification

Description The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...

4CVSS6.5AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Print My Blog – Print, PDF, & eBook Converter WordPress Plugin < 3.26.3 - Missing Authorization

Description The Print My Blog – Print, PDF, & eBook Converter WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like the saveProjectGenerate function in all versions up to, and including, 3.26.2. This...

5.3CVSS6.7AI score0.00454EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.13 views

Edge < 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name

Description The Edge theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrar...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.15 views

Sheets To WP Table Live Sync < 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. Thi...

5.9CVSS5.7AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.15 views

Edwiser Bridge < 3.0.6 - Authentication Bypass due to Missing Empty Value Check

Description The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'ebuseremailverificationkey' default value is empty, and the not empty check is missing in the 'ebuseremailverify' function. This makes it...

9.8CVSS7.1AI score0.00902EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.12 views

ADFO – Custom data in admin dashboard < 1.9.1 - Cross-Site Request Forgery

Description The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller function. This makes it possible...

4.3CVSS6.6AI score0.00215EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.9 views

ADFO – Custom data in admin dashboard < 1.9.1 - Reflected Cross-Site Scripting

Description The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbpid' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS6.5AI score0.00507EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.18 views

Advanced Ads – Ad Manager & AdSense < 1.52.2 - Authenticated (Admin+) PHP Object Injection

Description The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placementslug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is...

7.2CVSS7.4AI score0.0094EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.9 views

Advanced Ads – Ad Manager & AdSense < 1.52.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget

Description The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00436EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.13 views

Soccer Engine – Soccer Plugin for WordPress < 1.13 - Cross-Site Request Forgery

Description The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation when saving match and team settings. This makes it possible for...

4.3CVSS6.5AI score0.00215EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

Adventure Journal <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Adventure Journal theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00408EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.10 views

Restaurant and Cafe < 1.2.2 - Cross-Site Request Forgery to Notice Dismissal

Description The Restaurant and Cafe theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to dismiss notices via a forged...

4.3CVSS6.4AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

HT Mega – Absolute Addons For Elementor < 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget

Description The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS5.9AI score0.00428EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.24 views

The Plus Addons for Elementor < 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate

Description The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.24 views

RomethemeKit For Elementor < 1.4.2 - Missing Authorization

Description The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addNewPost function in versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to add new posts...

6.5CVSS6.7AI score0.00438EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.15 views

EventON < 2.2.15 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.2AI score0.00341EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Share This Image < 1.99 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...

4.7CVSS4.7AI score0.00384EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.15 views

Pliska < 0.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name

Description The Pliska theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display names in all versions up to, and including, 0.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.5CVSS5.9AI score0.00411EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

Giphypress <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Giphypress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00308EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

Digital Publications by Supsystic < 1.7.8 - Missing Authorization

Description The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.7. This makes it possible for unauthenticated attackers to perform an unauthorized action...

5.3CVSS7AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.9 views

Google Typography <= 1.1.2 - Missing Authorization

Description The Google Typography plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

4.3CVSS6.3AI score0.00445EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

PropertyHive < 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The PropertyHive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

WP Post Author <= 3.6.5 - Missing Authorization

Description The WP Post Author plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function allowing authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...

4.3CVSS4.8AI score0.00358EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.9 views

Squelch Tabs and Accordions Shortcodes < 0.4.8 - Cross-Site Request Forgery

Description The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attacke...

4.3CVSS6.6AI score0.00215EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.13 views

Custom Field Suite < 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfsfieldsname' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00557EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.18 views

ReviewX < 1.6.22 - Missing Authorization

Description The ReviewX plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the remotepost function in versions up to, and including, 1.6.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a post...

8.8CVSS6.5AI score0.00399EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

Debug Log Manager < 2.3.2 - Missing Authorization via toggle_debugging

Description The Debug Log Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggledebugging function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.7AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.21 views

GWP-Histats <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The GWP-Histats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

Preview E-mails for WooCommerce < 2.2.2 - Reflected Cross-Site Scripting

Description The Preview E-mails for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.3AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.10 views

WidgetKit <= 2.5.0 - Missing Authorization to Notice Dismissal

Description The WidgetKit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wktdadsdismissnotice function in versions up to, and including, 2.4.8. This makes it possible for unauthenticated attackers to dismiss notices...

5.3CVSS6.7AI score0.00404EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net < 1.1.4.3 - Reflected Cross-Site Scripting

Description The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.4.2 due to insufficient input sanitization and output escaping. This makes it possibl...

7.1CVSS6.3AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.15 views

AJAX Login and Registration modal popup + inline form <= 2.23 - Authenticated (Author+) Stored Cross-Site Scripting

Description The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00359EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

JW Player for WordPress <= 2.3.3 - Missing Authorization

Description The JW Player for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...

6.5CVSS6.7AI score0.00429EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

School Management Pro <= 10.3.4 - Authenticated (School Admin+) SQL Injection

Description The The School Management Pro plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 10.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.6CVSS7.5AI score0.01094EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.14 views

AI Engine < 2.1.5 - Authenticated (Editor+) Server-Side Request Forgery

Description The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4 via the downloadimage function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locatio...

6.8CVSS6.5AI score0.00885EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Tumult Hype Animations < 1.9.13 - Authenticated (Author+) Arbitrary File Upload

Description The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the hypeanimationspanelupload functionin all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with author-level...

9.1CVSS7.7AI score0.00679EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

Sina Extension for Elementor < 3.5.2 - Authenticated (Contributor+) Local File Inclusion

Description The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.5.1. This makes it possible for authenticated...

8.8CVSS7.3AI score0.00567EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.27 - Authenticated (Contributor+) PHP Object Injection

Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.0.26 via deserialization of untrusted input. This makes it possible for authenticated...

8.8CVSS7.2AI score0.00608EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

Mooberry Book Manager < 4.15.13 - Unauthenticated Information Exposure via Export Files

Description The Mooberry Book Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.12 via exported files. This makes it possible for unauthenticated attackers to extract potentially sensitive information from those files...

5.3CVSS6.4AI score0.00461EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.8 views

SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...

4.3CVSS6.8AI score0.0042EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

Academy LMS < 1.9.17 - Missing Authorization

Description The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on afunction in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with student-level access and above, to perform an unauthorized action...

8.8CVSS6.7AI score0.0044EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602