Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.21 views

Blocksy < 2.0.20 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via headers/footers in all versions up to, and including, 2.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to...

4.9CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.24 views

CP Polls < 1.0.72 - Unauthenticated Content Injection

Description The Polls CP plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.0.71. This is due to insufficient validation on poll answers. This makes it possible for unauthenticated attackers to inject arbitrary content...

5CVSS7.1AI score0.00413EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.16 views

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.4.2 - Missing Authorization

Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it...

4CVSS6.7AI score0.0045EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.16 views

Customer Reviews for WooCommerce < 5.39.0 - Improper Authorization via submit_review

Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitreview' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit...

5CVSS6.7AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.16 views

Awesome Support – WordPress HelpDesk & Support Plugin < 6.1.8 - Missing Authorization via wpas_get_users()

Description The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpasgetusers function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated...

4CVSS6.4AI score0.00429EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.18 views

Prime Slider – Addons For Elementor < 3.11.11 - Incorrect Authorization via bdt_duplicate_as_draft

Description The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bdtduplicateasdraft function in versions up to, and including, 3.11.10. This makes it possible for authenticated attackers, with...

4CVSS6.5AI score0.0035EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.10 views

Starbox < 3.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings

Description The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.9CVSS5.9AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.18 views

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied...

4.9CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.17 views

Elementor Website Builder – More than Just a Page Builder < 3.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt

Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instancealt parameter in the getimagealt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output...

6.4CVSS6AI score0.00467EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.13 views

Royal Elementor Addons and Templates < 1.3.88 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00481EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.64 views

Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization

Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmpname' parameter...

8.5CVSS7.4AI score0.00715EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.24 views

CP Polls < 1.0.72 - Unauthenticated Poll Limit Bypass

Description The Polls CP plugin for WordPress is vulnerable to Poll Limit Bypass in all versions up to, and including, 1.0.71. This is due to insufficient controls on on the voting system. This makes it possible for unauthenticated attackers to vote multiple times...

5CVSS6.7AI score0.0042EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.21 views

Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access

Description The plugin does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review, pw-protected, and trashed events. PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets...

6.3AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.12 views

Product Labels For Woocommerce < 1.5.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Description The Product Labels For Woocommerce Sale Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘'badgeLabel' parameter in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

4.9CVSS5.7AI score0.00307EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.16 views

Contact Form 7 Connector < 1.2.3 - Cross-Site Request Forgery

Description The Contact Form 7 Connector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on several function. This makes it possible for unauthenticated attackers to perform unauthorized...

4.3CVSS6.6AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.10 views

Apollo13 Framework Extensions < 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.23 views

Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin < 3.3.51 - Missing Authorization to Unauthenticated Events Export

Description The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for...

5CVSS7AI score0.00471EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.25 views

Portugal CTT Tracking for WooCommerce < 2.2 - Reflected Cross-Site Scripting

Description The Portugal CTT Tracking for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

5.8CVSS6.3AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.15 views

Woocommerce Vietnam Checkout < 2.0.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Description The Woocommerce Vietnam Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $currency variable in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

5.4CVSS5.7AI score0.00315EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.26 views

Link Library < 7.6 - Cross-Site Request Forgery via action_admin_init

Description The Link Library plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5.13. This is due to missing or incorrect nonce validation on the actionadmininit function. This makes it possible for unauthenticated attackers to dismissing a notice...

4.3CVSS6.6AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.14 views

Internal Link Juicer < 2.23.5 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'iljsettingsfieldlinksperpage' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping...

4.8CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.18 views

Passster – Password Protect Pages and Content < 4.2.6.3 - Missing Authorization to Sensitive Information Exposure

Description The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other...

5CVSS6.6AI score0.00486EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.22 views

Coupon Referral Program <= 1.7.2 - Unauthenticated PHP Object Injection

Description The Coupon Referral Program plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.2 via deserialization of untrusted input. This makes it possible for unuathenitcated attackers. to inject a PHP Object. No known POP chain is present in the...

7.5CVSS7.3AI score0.00767EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.11 views

Link Library < 7.6 - Reflected Cross-Site Scripting via 'link_price' and 'link_tags'

Description The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'linkprice' and 'linktags' parameters in versions up to, and including, 7.5.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.8CVSS6.5AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.24 views

WP SMS < 6.5.3 - Reflected Cross-Site Scripting via 'page'

Description The WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.8CVSS6.5AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.18 views

Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts. PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets...

6.3AI score0.00456EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.17 views

Contest Gallery < 21.2.9 - Cross-Site Request Forgery

Description The Contest Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 21.2.8.4. This is due to missing or incorrect nonce validation in the prev10/prev10-admin/gallery/gallery.php file. This makes it possible for unauthenticated attacke...

5.8CVSS6.3AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.19 views

Wonder Slider Lite < 14.0 - Reflected Cross-Site Scripting via 'page'

Description The Wonder Slider Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions up to, and including, 13.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS6.3AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.18 views

Themify Builder < 7.0.6 - Cross-Site Request Forgery

Description The Themify Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.0.5. This is due to missing or incorrect nonce validation on the cachemenu function. This makes it possible for unauthenticated attackers to clear cache via a forge...

4.3CVSS6.3AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.18 views

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Plugin Data Removal in reinitialize

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attacke...

4.3CVSS6.6AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.20 views

Simple Page Access Restriction < 1.0.23 - Improper Access Control to Sensitive Information Exposure via REST API

Description The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...

5CVSS6.8AI score0.00482EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.39 views

Matomo < 5.0.1 - Reflected Cross-Site Scripting via idsite

Description The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.2AI score0.00499EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.15 views

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in stopOptimizeAll

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.00347EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.17 views

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Plugin Data Removal in reinitialize

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS6.3AI score0.00347EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.10 views

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in optimizeAllOn

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS6.3AI score0.00428EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.24 views

Booking Calendar < 9.9.1 - Unauthenticated SQL Injection

Description The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendarrequestparamsdatesddmmyycsv' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

9.8CVSS7.5AI score0.03151EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.20 views

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in disableOptimization

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS6.3AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.17 views

WP-Mobile-BankID-Integration < 1.0.1 - PHP Object Injection

Description The WP-Mobile-BankID-Integration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and excluding, 1.0.1 via deserialization of untrusted input through the getAuthResponseFromDB function. This makes it possible for attackers to inject a PHP Object. No known...

9.8CVSS7.5AI score0.00546EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.18 views

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in stopOptimizeAll

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated...

4.3CVSS6.6AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.11 views

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in enableOptimization

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS6.7AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.14 views

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in disableOptimization

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated...

4.3CVSS6.6AI score0.0021EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.14 views

Elementor Addons by Livemesh < 8.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.7AI score0.00429EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.23 views

PPWP – Password Protect Pages < 1.9.0 - Protection Mechanism Bypass

Description The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...

5.3CVSS6.4AI score0.00486EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.16 views

Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00525EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.11 views

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in enableOptimization

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated...

4.3CVSS6.6AI score0.00246EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.18 views

WP Recipe Maker < 9.2.0 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton

Description The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS7.1AI score0.0074EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.15 views

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in optimizeAllOn

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated...

4.3CVSS6.6AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.15 views

Podlove Podcast Publisher < 4.0.12 - Missing Authorization to Unauthenticated Data Export

Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the initdownload and init functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the...

5CVSS6.9AI score0.00553EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.12 views

Podlove Podcast Publisher < 4.0.12 - Missing Authorization to Settings Import

Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settin...

5CVSS6.9AI score0.00524EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.22 views

Cloudflare < 4.12.3 - Missing Authorization via initProxy

Description The Cloudflare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'initProxy' function in versions up to and including 4.12.2. This makes it possible for authenticated attackers, with subscriber access and above, to send requests...

8.1CVSS6.8AI score0.00848EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603