Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.14 views

Advanced Floating Content Lite < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Advanced Floating Content Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.16 views

UDesign <= 4.7.3 - Reflected Cross-Site Scripting

Description The UDesign theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

7.1CVSS6.5AI score0.00356EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.18 views

Jeg Elementor Kit < 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner

Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00531EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.13 views

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin < 2.6.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00346EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.17 views

Coupon & Discount Code Reveal Button < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Coupon & Discount Code Reveal Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS6.1AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.17 views

SVS Pricing Tables <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing table settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.8AI score0.00334EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.17 views

Total Poll Lite < 4.10.0 - Missing Authorization

Description The Total Poll Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetPoll function in versions up to, and including, 4.9.9. This makes it possible for authenticated attackers, with subscriber-level access and above, ...

4.3CVSS6.7AI score0.00373EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.15 views

Export and Import Users and Customers < 2.5.4 - Authenticated (Admin+) PHP Object Injection

Description The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input in the input.php file. This makes it possible for authenticated attackers, with administrator-level...

5.4CVSS7.4AI score0.00361EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.13 views

5 Stars Rating Funnel < 1.3.02 - Missing Authorization

Description The 5 Stars Rating Funnel plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the includes/RRTNGGAjax.php file in versions up to, and including, 1.2.67. This makes it possible for unauthenticated attackers to perform...

5.3CVSS5.1AI score0.00298EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.13 views

MailerLite – Signup forms (official) 1.5.0 - 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.4AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Inline Google Spreadsheet Viewer <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdoc' shortcode in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping on user supplied attributes such as...

6.4CVSS5.8AI score0.00424EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.14 views

Photo Gallery <= 1.4.1 - Authenticated(Contributor+) PHP Object Injection via Shortcode

Description The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.1 via deserialization via shortcode of untrusted input from the...

7.5CVSS7.2AI score0.00912EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.17 views

WP LinkedIn Auto Publish < 8.12 - Missing Authorization

Description The WP LinkedIn Auto Publish plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wplinkedinautopublishdeletealllinkedinsettings function in versions up to, and including, 8.11. This makes it possible for authenticated...

5.4CVSS6.7AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.10 views

The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) < 2.0.8.3 - Authenticated (Subscriber+) Server-Side Request Forgery

Description The The Pack Elementor addons Header Footer & WooCommerce Builder, Template Library plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.8.2. This makes it possible for authenticated attackers, with subscriber-level access and...

5.4CVSS6.7AI score0.00347EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated(Contributor+) PHP Object Injection via shortcode

Description The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awlggsettings meta value. This makes it possible for authenticated attackers...

7.5CVSS7.1AI score0.00868EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.11 views

RomethemeForm For Elementor < 1.1.3 - Missing Authorization

Description The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to modify forms...

5.3CVSS6.9AI score0.00313EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.16 views

Elementor Addon Elements < 1.13.4 - Contributor+ Stored XSS

Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.00572EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.12 views

ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

Description The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access an...

4.3CVSS6.6AI score0.00361EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.17 views

Social Share Icons & Social Share Buttons < 3.6.3 - Missing Authorization to Notice Dismissal

Description The Social Share Icons & Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 3.6.2. This makes it possible for unauthenticated attackers to dismiss notices...

5.3CVSS6.6AI score0.00327EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.9 views

Radio Player < 2.0.74 - Unauthenticated Server-Side Request Forgery

Description The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

5.4CVSS5.2AI score0.00325EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.15 views

Newsletters < 4.9.6 - Authenticated (Admin+) Arbitrary File Upload

Description The Newsletters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the...

9.1CVSS8AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.12 views

BizPrint < 4.5.4 - Missing Authorization via showTemplatePreview()

Description The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview function in versions up to, and including, 4.3.39. This makes it possible for unauthenticated attackers to preview templates...

7.5CVSS7AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.23 views

All in One SEO < 4.6.1.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, create a post and put the following payload in the "Meta...

5.2AI score0.00369EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.17 views

WPCal.io – Easy Meeting Scheduler < 0.9.5.9 - Cross-Site Request Forgery

Description The WPCal.io – Easy Meeting Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.5.8. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to...

4.3CVSS6.7AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.14 views

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.0 - Contributor+ Stored Cross-Site Scripting

Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping...

6.4CVSS5.8AI score0.00556EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.11 views

RomethemeKit For Elementor < 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The RomethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00326EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.29 views

Rate My Post – Star Rating Plugin by FeedbackWP < 3.4.5 - Insecure Direct Object Reference

Description The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to rate priva...

5.3CVSS7AI score0.00404EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.20 views

WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress < 3.1.4 - Cross-Site Request Forgery

Description The WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing or incorrect nonce validation on several functions. This...

4.3CVSS6.6AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Print Labels with Barcodes < 3.4.7 - Subscriber+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pag...

6.4CVSS5.8AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.11 views

Evergreen Content Poster < 1.4.3 - Missing Authorization

Description The Evergreen Content Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createnetworkpost function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS6.7AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.18 views

Secure Copy Content Protection and Content Locking < 3.7.2 - Missing Authorization

Description The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS6.6AI score0.00277EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.17 views

ActiveDEMAND < 0.2.42 - Unauthenticated Arbitrary File Upload

Description The ActiveDEMAND plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the apisavepost function in all versions up to, and including, 0.2.41. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

10CVSS8.3AI score0.00548EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.16 views

ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

Description The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation

Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their privileges...

8.8CVSS7.3AI score0.00448EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.13 views

Integrate Google Drive < 1.3.91 - Missing Authorization

Description The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.3.8. This makes it possible for unauthenticated attackers to perform unauthorized actions...

7AI score0.00293EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.21 views

Max Addons Pro for Bricks < 1.6.2 - Reflected Cross-Site Scripting

Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.13 views

Max Addons Pro for Bricks < 1.6.2 - Missing Authorization

Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to reset the plugin's settings...

6.5CVSS6.9AI score0.00438EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.16 views

Vision Interactive < 1.7.2 - Missing Authorization

Description The Vision Interactive plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to view deactivated items...

5.3CVSS6.9AI score0.00345EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.15 views

Integrate Google Drive < 1.3.91 - Missing Authorization

Description The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to perform unauthorized actions...

5.3CVSS7AI score0.00326EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.13 views

Widget Post Slider < 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Widget Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.16 views

Spectra – WordPress Gutenberg Blocks < 2.12.7 - Contributor+ Path Traversal

Description The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal via the getblockdefaultattributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the...

4.3CVSS6.5AI score0.00618EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.14 views

WP GoToWebinar < 15.1 - Missing Authorization

Description The WP GoToWebinar plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpgotowebinardeletelogcallback function in versions up to, and including, 14.46. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS6.7AI score0.00406EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key in the pgshowmsgpanel function. This makes it...

8.8CVSS6.7AI score0.00448EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.11 views

WP Club Manager < 2.2.12 - Missing Authorization

Description The WP Club Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcmmatchplayersitemorder function in versions up to, and including, 2.2.11. This makes it possible for unauthenticated attackers to modify an order sor...

5.3CVSS6.9AI score0.00507EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.18 views

BP Better Messages < 2.4.33 - Missing Authorization

Description The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 2.4.32. This is due to the plugin not properly verifying if a user should have access to a...

5.3CVSS7AI score0.00313EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.13 views

Sirv < 7.2.3 - Missing Authorization to Arbitrary Options Update

Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirvdismissnotice function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attackers, with...

8.8CVSS6.9AI score0.00434EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.9 views

Booster Extension <= 1.2.0 - Basic Information Exposure via booster_extension_authorbox_shortcode_display

Description The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'boosterextensionauthorboxshortcodedisplay' function. This makes it possible for unauthenticated attackers to extract sensitive data including...

5.3CVSS6.7AI score0.00516EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.20 views

Page Builder: Live Composer < 1.5.39 - Missing Authorization

Description The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslcajaxaddmodule function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level...

4.7CVSS6.7AI score0.00379EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.10 views

Print Labels with Barcodes < 3.4.7 - Subscriber+ Settings/Profiles Update, Templates/Barcodes Access/Creation/Edition/Deletion

Description The plugin is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions. This makes it possible for authenticated attackers, with subscriber access and above, to fully control the plugin which...

8.8CVSS6.1AI score0.00514EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.15 views

SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion

Description The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the deletePricingTable function. This makes it possible for unauthenticated attackers to delete...

4.3CVSS6.4AI score0.00211EPSS
Exploits0References1
Total number of security vulnerabilities14603