Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

Vitepos < 3.0.2 - Missing Authorization

Description The Vitepos plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...

4.3CVSS6.7AI score0.00376EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

Advanced Most Recent Posts Mod <= 1.6.5.2 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Advanced Most Recent Posts Mod plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and...

5.9CVSS5.9AI score0.00321EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.18 views

WordPress Ad Widget <= 2.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The WordPress Ad Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.20.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00341EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.10 views

LA-Studio Element Kit for Elementor < 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget

Description The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget in all versions up to, and including, 1.3.7.5 due to insufficient input sanitization and output escaping on user supplied attribute...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.16 views

KB Support < 1.6.1 - Missing Authorization

Description The KB Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the kbsajaxdisplayticketnotes and kbsajaxdisplayticketreplies function in versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, wit...

6.5CVSS6.6AI score0.00466EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.18 views

XStore Core <= 5.3.5 - Unauthenticated SQL Injection

Description The XStore Core plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

9.8CVSS7.8AI score0.00614EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.16 views

XStore Core <= 5.3.5 - Unauthenticated PHP Object Injection

Description The XStore Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.3.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin...

9.8CVSS7.7AI score0.00576EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.16 views

Pretty Google Calendar < 2.0.0 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5CVSS6.3AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

VOD Infomaniak <= 1.5.6 - Reflected Cross-Site Scripting

Description The VOD Infomaniak plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1CVSS6.5AI score0.00426EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.17 views

Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery

Description The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.17. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application...

5.4CVSS7AI score0.0029EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.13 views

Easy Accept Payments < 5.0 - Missing Authorization

Description The Easy Accept Payments via PayPal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.9.10. This makes it possible for unauthenticated attackers to perform an unauthorized action...

7.5CVSS7AI score0.00469EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.12 views

Absolutely Glamorous Custom Admin < 7.2.4 - Admin+ SSRF

Description The plugin is vulnerable to Server-Side Request Forgery, allowing authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal servic...

4.4CVSS9.2AI score0.00294EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.28 views

XStore < 9.3.9 - Unauthenticated Local File Inclusion

Description The theme is vulnerable to Local File Inclusion, allowing unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution...

9CVSS9.9AI score0.00597EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.23 views

Barcode Scanner with Inventory & Order Manager < 1.5.4 - Missing Authorization

Description The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...

9.1CVSS7AI score0.00413EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.12 views

Serious Slider <= 1.2.4 - Cross-Site Request Forgery

Description The Serious Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...

4.3CVSS6.7AI score0.00214EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.17 views

XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Upload

Description The XStore Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the...

9.8CVSS8AI score0.00583EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.24 views

XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion

Description The XforWooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the...

8.8CVSS7.9AI score0.0059EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.11 views

FameTheme Demo Importer < 1.1.6 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as...

4.3CVSS6.2AI score0.00184EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.9 views

Opal Widgets For Elementor <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Opal Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

Follow Us Badges < 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode

Description The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsitefollowusbadges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.18 views

SSU < 1.5.1 - Missing Authorization

Description The SSU plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteawsoptions function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to delete AWS options...

7.5CVSS6.9AI score0.00566EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.18 views

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting < 1.13.2 - Authenticated (AccountingManager+) SQL Injection

Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter...

7.2CVSS7.3AI score0.00781EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.17 views

WPZOOM Addons for Elementor (Templates, Widgets) <= <=1.1.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.1.35 due to insufficient input sanitization and output escaping on user supplied attributes like...

6.5CVSS5.9AI score0.00404EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

Filterable Portfolio <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Filterable Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00382EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.17 views

XStore < 9.3.9 - Subscriber+ Arbitrary Options Update

Description The theme is vulnerable to unauthorized modification of data due to a missing capability check on a function, allowing authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used to achieve privilege escalation...

8.8CVSS9.3AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

Better Elementor Addons < 1.4.2 - Authenticated(Contributor+) Local File Inclusion

Description The Better Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowi...

6.5CVSS7.9AI score0.00498EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.14 views

WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Missing Authorization

Description The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 14.0.10. This makes it possible for unauthenticated attackers to perform an unauthorized...

9.8CVSS6.9AI score0.00365EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.13 views

XStore < 9.3.9 - Missing Authorization

Description The theme is vulnerable to unauthorized access due to a missing capability check on a function, allowing unauthenticated attackers to perform an unauthorized action...

9.8CVSS9.4AI score0.00434EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.35 views

Customify Site Library <= 0.0.9 - Unauthenticated Remote Code Execution

Description The Customify Site Library plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.0.9. This makes it possible for unauthenticated attackers to execute code on the server...

9.9CVSS8.2AI score0.01117EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.19 views

Hide Dashboard Notifications < 1.3 - Cross-Site Request Forgery

Description The Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the warningnoticessettings function. This makes it possible for unauthenticated...

4.3CVSS6.3AI score0.00201EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.32 views

Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Smart Recent Posts Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00338EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

Sydney Toolbox < 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

6.4CVSS5.8AI score0.00602EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

Piotnet Addons For Elementor Pro <= 7.1.17 - Missing Authorization to Arbitrary Post/Page Deletion

Description The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 7.1.17. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts...

7.5CVSS7AI score0.00566EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.13 views

CF7 File Download – File Download for CF7 <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The CF7 File Download – File Download for CF7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.9CVSS5.7AI score0.00338EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.11 views

MainWP Child Reports < 2.2 - Cross-Site Request Forgery

Description The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the uninstall function. This makes it possible for unauthenticated attackers to deactivate the...

5.4CVSS5.2AI score0.00198EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.22 views

Barcode Scanner with Inventory & Order Manager < 1.5.4 - Unauthenticated Privilege Escalation

Description The Barcode Scanner and Inventory manager. POS Point of Sale – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.3. This is due to the plugin not properly restricting user meta values...

9.8CVSS7.4AI score0.00501EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.18 views

XStore < 9.3.9 - Reflected Cross-Site Scripting

Description The theme is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

7.1CVSS7.1AI score0.00418EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.17 views

Radio Station by netmix® – Manage and play your Show Schedule in WordPress! < 2.5.8 - Cross-Site Request Forgery to Notice Dismissal

Description The Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.7. This is due to missing or incorrect nonce validation on the radiostationnoticedismiss function...

4.3CVSS6.3AI score0.00203EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.23 views

Knowledge Base documentation & wiki plugin – BasePress < 2.16.2.1 - Missing Authorization

Description The Knowledge Base documentation & wiki plugin – BasePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in versions up to, and including, 2.16.1. This makes it possible for authenticated attackers, with...

5.4CVSS5.2AI score0.0039EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.14 views

Contact Form 7 Extension For Mailchimp <= 0.5.70 - Cross-Site Request Forgery

Description The Contact Form 7 Extension For Mailchimp plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.70. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform...

4.3CVSS6.5AI score0.00201EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.12 views

Carousel Slider < 2.2.11 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks PoC 1. Create a new slider and inset: 1212"onmouseover='alert1' to "URL View" field...

5.8AI score0.00399EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.28 views

XStore Core <= 5.3.5 - Unauthenticated Privilege Escalation

Description The XStore Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.3.5. This makes it possible for unauthenticated attackers to gain higher privileged access to a vulnerable site...

9.8CVSS7.5AI score0.00571EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.25 views

Payment Gateway Based Fees and Discounts for WooCommerce < 2.12.2 - Cross-Site Request Forgery to Notice Dismissal

Description The Payment Gateway Based Fees and Discounts for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.12.1. This is due to missing or incorrect nonce validation on the dismissnotice function. This makes it possible for...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.11 views

Master Addons for Elementor < 2.0.5.6 - Missing Authorization on Duplicate Post

Description The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the jltmaduplicatorrowactions function in versions up to, and including, 2.0.5.4.1. This makes it possible for authenticated attackers, with...

8.8CVSS6.5AI score0.00452EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.56 views

Element Pack Pro <= 7.7.4 - Authenticated (Contributor+) Arbitrary File Read and PHAR Deserialization

Description The Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read the...

8.5CVSS6.6AI score0.00523EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.13 views

XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Download

Description The et-core-plugin plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 5.3.5. This is due to the plugin not properly restricting which files can be downloaded. This makes it possible for authenticated attackers, with subscriber-level...

6.5CVSS6.5AI score0.00435EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.13 views

Fan Page Widget by ThemeNcode < 2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.17 views

Booster for WooCommerce < 7.1.9 - Unauthenticated Arbitrary Shortcode Execution

Description The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed...

7.3CVSS7.8AI score0.00884EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.10 views

Meks ThemeForest Smart Widget <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Meks ThemeForest Smart Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00338EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.15 views

Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery

Description The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary location...

4.4CVSS6.7AI score0.00277EPSS
Exploits0References1
Total number of security vulnerabilities14603