Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2 days ago5 views

NativeChurch <= 4.8.8.2 - Reflected Cross-Site Scripting

Description The NativeChurch theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/06/23 12:0 a.m.4 views

24liveblog <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information via Block Editor Script Localization

Description The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/06/23 12:0 a.m.5 views

24liveblog <= 2.2 - Missing Authorization to Authenticated (Author+) Settings Modification via update_lb24_token AJAX action

Description The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/06/18 12:0 a.m.4 views

2Download Connector for 2DL Hosted Checkout < 0.1.6 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter

Description The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6AI score0.00299EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/06/08 12:0 a.m.7 views

TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute

Description The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/06/08 12:0 a.m.7 views

6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter

Description The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserIn...

7.5CVSS5.3AI score0.00403EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/06/01 12:0 a.m.10 views

DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.4.30 - Missing Authorization

Description The DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.29. This makes it possible for authenticated attackers, with contributor-leve...

4.3CVSS5.5AI score0.00162EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/05/07 12:0 a.m.14 views

3D viewer – Embed 3D Models < 1.8.6 - Missing Authorization

Description The 3D viewer – Embed 3D Models plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/05/05 12:0 a.m.9 views

12 Step Meeting List < 3.19.10 - Unauthenticated Information Exposure

Description The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/04/30 12:0 a.m.8 views

Avada < 7.13.2 - Cross-Site Request Forgery

Description The Avada theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 7.13.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted...

4.3CVSS5.1AI score0.001EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/04/15 12:0 a.m.11 views

12 Step Meeting List < 3.19.10 - Missing Authorization

Description The 12 Step Meeting List plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.19.9. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/03/10 12:0 a.m.9 views

Dear Flipbook < 2.4.27 - Authenticated (Auhtor+) Stored Cross-Site Scripting via PDF Page Labels

Description The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via PDF page labels in all versions up to, and including, 2.4.20 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/02/16 12:0 a.m.13 views

Dating <= 11.2.0 - Missing Authorization

Description The Dating theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 11.2.0. This makes it possible for unauthenticated attackers to perform an unauthorized action...

5.5AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/01/15 12:0 a.m.10 views

Dating <= 11.2.0 - Cross-Site Request Forgery

Description The Dating theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 11.2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

5.3AI score0.00184EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/01/08 12:0 a.m.11 views

Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure

Description The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. PoC https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...

5.4AI score
Exploits1
WPVulnDB
WPVulnDB
added 2026/01/06 12:0 a.m.9 views

1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

Description The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.1AI score0.00227EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2026/01/05 12:0 a.m.7 views

6Storage Rentals <= 2.20.0 - Authenticated (Subscriber+) Server-Side Request Forgery

Description The 6Storage Rentals plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from...

9.1CVSS5.7AI score0.00163EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/12/19 12:0 a.m.8 views

Avada <= 7.13.2 - Missing Authorization

Description The Avada theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.13.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...

8.8CVSS5AI score0.00214EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/12/12 12:0 a.m.8 views

404 Solution < 3.1.1 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter

Description The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the...

4.9CVSS7AI score0.00308EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/11/17 12:0 a.m.9 views

0 Day Analytics < 4.1.0 - Authenticated (Administrator+) SQL Injection

Description The 0 Day Analytics plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...

7.6CVSS6.6AI score0.00233EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/11/11 12:0 a.m.7 views

Image Gallery block – Create and display photo gallery/photo album. < 2.0.0 - Missing Authorization

Description The Image Gallery Block – Create and Display Photo Galleries plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with...

8.8CVSS5.1AI score0.00264EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/10/01 12:0 a.m.13 views

WP < 6.8.3 - Contributor+ Sensitive Data Disclosure

Description WordPress is affected by a data exposure issue which could allow contributor and above roles to access some restricted content...

4.3CVSS6.6AI score0.0025EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2025/10/01 12:0 a.m.15 views

WP < 6.8.3 - Author+ DOM Stored XSS

Description WordPress does not escape some data when writting in into the DOM of a page, which could allow users with a role of Author and perform to perform Stored XSS attacks...

5.9CVSS6AI score0.00203EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2025/08/18 12:0 a.m.10 views

12 Step Meeting List < 3.18.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The 12 Step Meeting List plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/08/01 12:0 a.m.7 views

360 Photo Spheres <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.6AI score0.00182EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/07/09 12:0 a.m.15 views

Litho < 3.1 - Unauthenticated Arbitrary File Deletion

Description The Litho theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code...

8.6CVSS7.3AI score0.00402EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/07/03 12:0 a.m.11 views

Magnific Popups JavaScript Library < 1.2.0 - Contributor+ Stored XSS

Description Multiple plugins are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00292EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/06/30 12:0 a.m.11 views

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.3.67 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source'

Description The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the ‘pdf-source’ parameter in all versions up to, and including, 2.3.65 due to insufficient input sanitization and output escaping...

6.1CVSS5.9AI score0.0026EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/06/11 12:0 a.m.12 views

404 Page by SeedProd < 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The 404 Page by SeedProd plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, ...

5.9CVSS5.9AI score0.00225EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/06/10 12:0 a.m.11 views

6Storage Rentals <= 2.19.6 - Missing Authorization

Description The 6Storage Rentals plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.19.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an...

4.3CVSS6.7AI score0.00243EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/05/23 12:0 a.m.10 views

4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS6.6AI score0.00255EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/05/20 12:0 a.m.13 views

6Storage Rentals <= 2.19.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action...

6.5CVSS6.6AI score0.00323EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/05/08 12:0 a.m.18 views

1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for...

8.8CVSS7.4AI score0.01241EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/30 12:0 a.m.15 views

360 View <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The 360 View plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.7AI score0.00209EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/24 12:0 a.m.10 views

1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated...

6.1CVSS6.3AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/21 12:0 a.m.8 views

ZooEffect <= 1.11 - Reflected Cross-Site Scripting

Description The ZooEffect plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00208EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/15 12:0 a.m.10 views

5sterrenspecialist <= 1.4 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

7.1CVSS7AI score0.00257EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/10 12:0 a.m.10 views

1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure

Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5.3CVSS6.5AI score0.00801EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/08 12:0 a.m.9 views

1-Click Backup & Restore Database <= 1.0.3 - Missing Authorization

Description The 1-Click Backup & Restore Database plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...

5.4CVSS6.7AI score0.00458EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/08 12:0 a.m.8 views

6Storage Rentals <= 2.19.8 - Missing Authorization

Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action...

5.4CVSS6.2AI score0.00458EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/07 12:0 a.m.9 views

3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'

Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS7.5AI score0.00359EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/07 12:0 a.m.8 views

3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'

Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'materialtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS7.5AI score0.00359EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/07 12:0 a.m.11 views

3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text'

Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS7.5AI score0.00359EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/07 12:0 a.m.8 views

3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'

Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS7.5AI score0.00353EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/04/02 12:0 a.m.9 views

3DPrint Lite < 2.1.3.6 - Cross-Site Request Forgery

Description The 3DPrint Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...

4.3CVSS6.7AI score0.00197EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/03/12 12:0 a.m.12 views

4 author cheer up donate <= 1.3 - Reflected Cross-Site Scripting

Description The 4 author cheer up donate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.1CVSS6.3AI score0.00352EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/03/03 12:0 a.m.15 views

17TRACK for WooCommerce <= 1.2.10 - Reflected Cross-Site Scripting

Description The 17TRACK for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.1AI score0.00257EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/02/20 12:0 a.m.15 views

3D Photo Gallery <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-leve...

6.4CVSS7.8AI score0.00229EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/02/18 12:0 a.m.12 views

what3words Address Field < 4.0.16 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The what3words Address Field plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and...

7.1CVSS9.1AI score0.00135EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/02/17 12:0 a.m.15 views

1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php

Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive...

5.9CVSS6.1AI score0.01575EPSS
Exploits0References1
Total number of security vulnerabilities14602