Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.12 views

Shield Security – Smart Bot Blocking & Intrusion Prevention Security < 18.5.10 - Unauthenticated Local File Inclusion

Description The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and...

7.5CVSS7.3AI score0.56567EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.16 views

Quiz Maker < 6.5.0.6 - Denial of Service

Description The Quiz Maker plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 6.5.0.5. The cause is unknown This makes it possible for attackers to potentially deny access to resources...

6.5CVSS6.9AI score0.00726EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.26 views

Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download

Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...

5CVSS7.1AI score0.00658EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.39 views

Happy Addons for Elementor < 3.10.2 - Missing Authorization via add_row_actions

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the addrowactions function in versions up to, and including, 3.10.1. This makes it possible for authenticated attackers, with contributor-level access...

4CVSS6.8AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.20 views

BookIt <= 2.4.0 - Price Bypass

Description The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to Price Bypass in versions up to and including 2.4.0. This makes it possible for site owners to make use of premium plugin features without paying. Note that this does not meaningfully negatively...

6.4CVSS6.8AI score0.00482EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.21 views

All-In-One Security (AIOS) – Security and Firewall < 5.2.6 - Reflected Cross-Site Scripting

Description The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

5.8CVSS6.3AI score0.00555EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.16 views

Meta Box – WordPress Custom Fields Framework < 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escapin...

4.9CVSS5.8AI score0.00416EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.16 views

Quiz Maker < 6.5.2.5 - Missing Authorization to Unauthenticated Quiz Data Retrieval

Description The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aysshowresults function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which c...

5.3CVSS7.1AI score0.00549EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.19 views

Premium Addons for Elementor < 4.10.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access an...

4.9CVSS5.5AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.22 views

3D Tag Cloud <= 3.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The 3D Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious JavaScript via a forged request...

8.8CVSS6.3AI score0.0023EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.14 views

WP Smart Editor <= 1.3.3 - Reflected Cross-Site Scripting

Description The WP Smart Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

7.1CVSS6.5AI score0.00372EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.15 views

Quiz Maker < 6.5.2.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification

Description The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aysquickstart and addquestionrows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with...

4.3CVSS6.8AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.19 views

EventPrime < 3.4.0 - Improper Input Validation via save_event_booking

Description The EventPrime plugin for WordPress is vulnerable to unauthorized modification of data due to improper input validation in the 'saveeventbooking' function in versions up to, and including, 3.3.9. This makes it possible for unauthenticated attackers to modify the price and other...

6.4CVSS6.5AI score0.00439EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.10 views

CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting via CP_preview_calc

Description The CalculatorPro Calculators plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in the 'CPpreviewcalc' function in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for...

5.8CVSS6.3AI score0.0033EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.19 views

Podlove Subscribe button < 1.3.11 - Authenticated (Contributor+) SQL Injection

Description The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS7.6AI score0.00657EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.24 views

TablePress < 2.2.5 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files

Description The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to and including 2.2.4 via the 'getimportfiles' function. This makes it possible for authenticated attackers, with author access and above, to make web...

3.3CVSS5.3AI score0.00549EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.16 views

MW WP Form < 5.1.0 - Editor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting in versions up to due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute...

4.9CVSS5.3AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.13 views

JTRT Responsive Tables <= 4.1.9 - Cross-Site Request Forgery

Description The JTRT Responsive Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized acti...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.19 views

Quicksand Post Filter jQuery Plugin <= 3.1.1 - Cross-Site Request Forgery via renderAdmin

Description The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'renderAdmin' function. This makes it possible for unauthenticated attackers to...

4.3CVSS6.5AI score0.00214EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.10 views

Email Before Download <= 6.9.7 - Cross-Site Request Forgery

Description The Email Before Download plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.9.7. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forg...

4.3CVSS6.3AI score0.00277EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

WP-CFM < 1.7.9 - Cross-Site Request Forgery via multiple AJAX functions

Description The WP-CFM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.8. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to modify the plugin's setting...

4.3CVSS5.1AI score0.00218EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.12 views

Page Restrict <= 2.5.5 - Cross-Site Request Forgery via pr_admin_page

Description The Page Restrict plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the 'pradminpage' function. This makes it possible for unauthenticated attackers to modify the plugin...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.13 views

Structured Content < 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Classic Editor Shortcode

Description The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Classic Editor shortcodes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

4.9CVSS5.8AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

BEAR < 1.1.4.1 - Missing Authorization via Several Functions

Description The BEAR plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the /ext/history/history.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.2AI score0.00382EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.10 views

PilotPress < 2.0.31 - Subscriber+ Report Access & DB Transients Purging

Description The plugin is vulnerable to unauthorized access to data and loss of data due to a missing capability check on multiple AJAX functions, allowing authenticated attackers, with subscriber access and above, to view reports and purge database transients...

9.3AI score0.00307EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.13 views

Quicksand Post Filter jQuery Plugin <= 3.1.1 - Missing Authorization via quicksand_admin_ajax

Description The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'quicksandadminajax' function in versions up to, and including, 3.1.1. This makes it possible for unauthenticated attackers to delete...

5CVSS5.9AI score0.00359EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.19 views

Post Video Players < 1.160 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.19 views

Advanced Forms for ACF < 1.9.3.3 - Missing Authorization to Unauthenticated Form Settings Export

Description The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...

5CVSS7AI score0.00562EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.15 views

Setka Editor <= 2.1.20 - Cross-Site Request Forgery via handleRequest

Description The A no-code page builder for beautiful performance-based content plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.20. This is due to missing or incorrect nonce validation on the 'handleRequest' function. This makes it possibl...

4.3CVSS6.6AI score0.00277EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.8 views

GDPR Data Request Form < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The GDPR Data Request Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formid parameter in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS6AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.13 views

Ultra Companion < 1.2.0 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

4.9CVSS5.3AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.11 views

PropertyHive < 2.0.7 - Missing Authorization via activate_pro_feature

Description The PropertyHive plugin for WordPress is vulnerable to unauthorized access of premium features due to a missing capability check on the activateprofeature function in versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to activate pro features...

4CVSS6.6AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.22 views

Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently < 4.1.2 - Authenticated (Contributor+) PHP Object Injection in mep_event_meta_save

Description The Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.1 via deserialization of untrusted input in the mepeventmetasave function. This makes it possible for...

3.6CVSS8.3AI score0.00499EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.17 views

MultiVendorX Marketplace < 4.0.26 - Missing Authorization

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attackers to call a function that should be accessible to higher users only...

7.1AI score0.00393EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.12 views

Knowledge Base for Documentation, FAQs with AI Assistance < 11.31.0 - Unauthenticated PHP Object Injection in is_article_recently_viewed

Description The Knowledge Base for Documentation, FAQs with AI Assistance plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 11.30.2 via deserialization of untrusted input in the isarticlerecentlyviewed function. This makes it possible for...

4.7CVSS7.7AI score0.00465EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.14 views

Shariff Wrapper < 4.6.10 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the...

7.8AI score0.00417EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.14 views

WooCommerce Box Office < 1.2.3 - Missing Authorization

Description The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

4CVSS6.7AI score0.00504EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

PowerPack Pro for Elementor < 2.10.8 - Missing Authorization to Settings Reset

Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 2.10.6. This makes it possible for unauthenticated attackers to reset plugin settings...

6.4AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.13 views

Mighty Addons for Elementor <= 1.9.3 - Reflected Cross-Site Scripting

Description The Mighty Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

5.8CVSS6.3AI score0.0033EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.16 views

BEAR < 1.1.4.1 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Plugin Options

Description The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin options in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This...

4.3CVSS5.7AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.21 views

WP Visitor Statistics (Real Time Traffic) < 6.9.5 - Sensitive Information Exposure via Log File

Description The WP Visitor Statistics Real Time Traffic plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.9.4. This makes it possible for unauthenticated attackers to extract sensitive data from log files...

5CVSS6.9AI score0.00453EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.11 views

Debug < 1.11 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions, such as clear logs, via CSRF attacks...

4.3CVSS4.9AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.12 views

Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Scroll Triggered Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to injec...

4.9CVSS5.8AI score0.00328EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.8 views

Add Customer for WooCommerce < 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Add Customer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.3CVSS5.7AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.14 views

PT Sign Ups <= 1.0.4 - Unauthenticated Stored Cross-Site Scripting

Description The PT Sign Ups plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

5.8CVSS6AI score0.0033EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.11 views

Location Picker at Checkout for WooCommerce < 1.9.0 - Missing Authorization via checkout_map_rules_order_ajax_handler

Description The Location Picker at Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkoutmaprulesorderajaxhandler function in versions up to, and including, 1.8.9. This makes it possible for authenticated...

4CVSS6.7AI score0.00318EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.17 views

FG Drupal to WordPress < 3.68.0 - Cross-Site Request Forgery via ajax_importer

Description The FG Drupal to WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.67.0. This is due to missing or incorrect nonce validation on the ajaximporter function. This makes it possible for unauthenticated attackers to delete logs...

4.3CVSS6.5AI score0.00276EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.15 views

ERE Recently Viewed < 2.0 - Unauthenticated PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker...

7.5CVSS9.8AI score0.00646EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.17 views

WP Club Manager – WordPress Sports Club Plugin < 2.2.11 - Missing Authorization to Unauthenticated Event Permalink Update

Description The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers ...

5CVSS6.7AI score0.0051EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.17 views

PowerPack Pro for Elementor < 2.10.8 - Cross-Site Request Forgery to Plugin Settings Modification and Cross-Site Scripting

Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions prior to 2.10.8. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to modify plugin settings and inject arbitrary web...

5.8CVSS6.2AI score0.0022EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603