Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.10 views

Booking for Appointments and Events Calendar – Amelia < 1.0.99 - Reflected Cross-Site Scripting

Description The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.2AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.18 views

Premium Addons for Elementor < 4.10.22 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.18 views

Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget

Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.7AI score0.00449EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.20 views

Download Manager < 3.2.86 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.8AI score0.00543EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.12 views

Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.32 views

WPvivid Backup and Migration < 0.9.69 - Unauthenticated SQLi & DoS

Description The plugin is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions, allowing unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS...

9.8CVSS8.1AI score0.01075EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.12 views

Custom Field Suite < 2.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, wit...

4.8CVSS5.7AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.11 views

Friends < 2.8.6 - Authenticated (Admin+) Blind Server-Side Request Forgery

Description The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...

5.5CVSS6.5AI score0.00459EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.17 views

Marketing Optimizer <= 20200925 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers...

4.3CVSS6.4AI score0.00202EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.11 views

Restaurant Solutions – Checklist 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.8AI score0.0042EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.24 views

Download Media <= 1.4.2 - Missing Authorization via generate_link_for_media

Description The Download Media plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'generatelinkformedia' function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS6.3AI score0.00439EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.20 views

Avada | Website Builder For WordPress & WooCommerce < 7.11.5 - Authenticated (Contributor+) Arbitrary File Upload

Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers,...

8.8CVSS8.9AI score0.01161EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.13 views

Fontific | Google Fonts <= 0.1.6 - Cross-Site Request Forgery via ajax_fontific_save_all

Description The Fontific | Google Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.6. This is due to missing or incorrect nonce validation on the 'ajaxfontificsaveall' function. This makes it possible for unauthenticated attackers to...

7.1CVSS6.2AI score0.00187EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.12 views

Page Restrict <= 2.5.5 - Unauthenticated Protected Post Access

Description The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private, allowing unauthenticated attackers to view protected posts...

5.3CVSS6.5AI score0.00496EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.25 views

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. PoC await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...

6.5AI score0.00452EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.20 views

Configure SMTP <= 3.1 - Reflected Cross-Site Scripting

Description The Configure SMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.17 views

WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit <= 1.0.9 - Unauthenticated Sensitive Information Exposure

Description The WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5.3CVSS6.7AI score0.00443EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.11 views

WP Private Content Plus <= 3.6 - Unauthenticated Protected Post Access

Description The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private, allowing unauthenticated attackers to view protected posts...

5.3CVSS6.5AI score0.00603EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.16 views

PayU India <= 3.8.2 - Reflected Cross-Site Scripting via type

Description The PayU India plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘type’ parameter in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.2AI score0.00357EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.12 views

WP Shortcodes Plugin < 7.0.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its suqrcode shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.24 views

WPvivid Backup for MainWP < 0.9.33 - Reflected Cross-Site Scripting

Description The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.5AI score0.0061EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.11 views

Advanced iFrame < 2024.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute...

5.4CVSS5.7AI score0.00282EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.20 views

System Dashboard < 2.8.10 - XSS via Header Injection

Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks PoC X-Forwarded-For: 11.11.11.11...

5.9AI score0.00813EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.24 views

Events Manager < 6.4.7 - Authenticated(Administator+) Stored Cross-Site Scripting via settings

Description The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

4.8CVSS5.9AI score0.00685EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.18 views

Booking Calendar < 1.3.83 - CSRF appointment scheduling

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. PoC...

6.5AI score0.00384EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.14 views

Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage

Description The Watermark RELOADED plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on the 'optionsPage' function. This makes it possible for unauthenticated attackers to update plugin...

7.1CVSS6.2AI score0.00236EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.12 views

Tainacan < 0.20.7 - Unauthenticated Sensitive Information Exposure

Description The Tainacan plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.20.6. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

7.5CVSS5.2AI score0.00515EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.20 views

postMash – custom post order <= 1.2.0 - Reflected Cross-Site Scripting via m

Description The postMash – custom post order plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘m’ parameter in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

7.1CVSS6.5AI score0.00351EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.10 views

Rolo Slider <= 1.0.9 - Missing Authorization to Authenticated(Subscriber+) Settings Change

Description The Rolo Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxcallback' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber access and above, t...

7.7CVSS6.6AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.27 views

SoundCloud Shortcode < 4.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.22 views

BeePress <= 6.9.8 - Cross-Site Request Forgery via beepress-pro.php

Description The BeePress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.9.8. This is due to missing or incorrect nonce validation on multiple functions in the beepress-pro.php. This makes it possible for unauthenticated attackers to modify the...

7.1CVSS6.6AI score0.00184EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.15 views

Travelpayouts < 1.1.17 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. PoC...

6.4AI score0.00891EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.13 views

Adsmonetizer < 3.1.3 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the token parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a us...

7.1CVSS6.7AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.14 views

Media Alt Renamer 0.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via _wp_attachment_image_alt postmeta

Description The Media Alt Renamer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpattachmentimagealt’ postmeta parameter in versions up to 0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.8AI score0.00336EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.16 views

Page Restriction WordPress (WP) < 1.3.5 - Unauthenticated Protected Post Access

Description The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not...

5.3CVSS6.4AI score0.00614EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.14 views

Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode

Description The Slivery Extender plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the 'sliderthemesection' function. This is due to the use of calluserfunc on one of the shortcode attributes. This makes it possible for authenticated...

8.5CVSS7.9AI score0.00823EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.25 views

WP Social Widget < 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.5CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.18 views

Gestpay for WooCommerce < 20240307 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card

Description The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxunsetdefaultcard' function. This makes it possible for unauthenticated attacker...

4.3CVSS4.6AI score0.00275EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.16 views

Yuki < 1.3.15 - Cross-Site Request Forgery to Theme Setting Reset

Description The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes...

4.3CVSS6.6AI score0.0021EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.16 views

Conversios < 7.0.8 - Subscriber+ SQL Injection via ee_syncProductCategory

Description The plugin is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

8.8CVSS8.8AI score0.00701EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.19 views

Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Plugin Activation via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxpluginactivation function, allowing unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into...

4.3CVSS4.9AI score0.00275EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.19 views

ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Authenticated (Admin+) Cross-Site Scripting

Description The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS5.6AI score0.0053EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.17 views

Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

Description The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it...

6.4CVSS5.6AI score0.00413EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.15 views

LifterLMS – WordPress LMS Plugin for eLearning < 7.5.2 - Missing Authorization via process_review

Description The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processreview' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attacker...

5.3CVSS6.5AI score0.00674EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.22 views

Payment Gateway for Telcell < 2.0.4 - Unauthenticated Open Redirect

Description The plugin does not validate the apiurl parameter before redirecting the user to its value, leading to an Open Redirect issue PoC https://localhost/wp-admin/admin.php?page=wc-settings=redirecttelcellformurl=https://www.google.com...

6.5AI score0.00464EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.18 views

Chat Bubble <= 2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00398EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.14 views

Coming Soon Page & Maintenance Mode < 2.2.2 - Maintenance Mode Bypass

Description The plugin is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsmcomingsoonredirect function, allowing unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content...

5.3CVSS5.6AI score0.00465EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.9 views

Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure

Description The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acxcsmasubscribeajax' function. This can allow authenticated attackers to extract sensitive data such as names and...

6.5CVSS6.5AI score0.00494EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.12 views

Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure

Description The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when...

5.3CVSS6.7AI score0.00479EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.17 views

Yuki < 1.3.14 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset

Description The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.5AI score0.0034EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603