Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.18 views

WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via icon_color

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.6AI score0.00523EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.16 views

Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scritping

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with...

6.5CVSS5.9AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.13 views

Fluent Forms < 5.1.7 - Admin+ Stored Cross-Site Scripting via imported form title

Description The plugin is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject...

4.3CVSS5.6AI score0.0054EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.18 views

User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppbtwofactorauthenticationsettingsupdate' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA...

8.2CVSS7.1AI score0.02432EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.23 views

AI Engine < 2.1.5 - Editor+ Arbitrary File Upload via add_image_from_url

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the...

5.8CVSS8AI score0.01211EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.19 views

PDF Invoices & Packing Slips for WooCommerce < 3.7.6 - Shop Manager+ SQL Injection

Description The plugin is vulnerable to SQL Injection via the getnumbers function in all versions up to, and including, 3.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

7.6CVSS7.5AI score0.0058EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.21 views

WP Recipe Maker < 9.1.1 - Reflected Cross-Site Scripting via Referer

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the ‘Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.9 views

WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via Recipe Notes

Description The plugin is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...

6.4CVSS5.6AI score0.00561EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.15 views

WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.7AI score0.00335EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.11 views

Booking for Appointments and Events Calendar – Amelia < 1.0.94 - Contributor+ Stored Cross-Site Scripting via shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.9CVSS5.6AI score0.00523EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.10 views

WP Recipe Maker < 9.1.1 - Directory Traversal

Description The plugin is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, whi...

5.4CVSS6.4AI score0.0081EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.20 views

Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php

Description The Better Anchor Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.5. This is due to missing or incorrect nonce validation on the admin/options.php file. This makes it possible for unauthenticated attackers to update the...

7.1CVSS6.3AI score0.00176EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.20 views

Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class

Description The Image Tag Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'defaultclass’ parameter in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.2AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.13 views

Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection

Description The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

5CVSS7.1AI score0.00945EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.13 views

HD Quiz < 1.8.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Description The HD Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.14 views

WOLF < 1.0.8.1 - Unauthenticated Stored Cross-Site Scripting via profile_title

Description The WOLF plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘profiletitle’ parameter in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.18 views

Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Charts New Chart HTML 3...

7.7AI score0.0039EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.18 views

Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Charts Settings". 2...

7.7AI score0.0039EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.20 views

Splashscreen <= 0.20 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

9.3AI score0.00221EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.24 views

BA Plus <= 1.0.3 - Reflected Cross-Site Scripting

Description The BA Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.2AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.15 views

BP Profile Search < 5.6 - Reflected Cross-Site Scripting via BPS_FORM

Description The BP Profile Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ BPSFORM’ parameter in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.5AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.18 views

PeepSo Core: Photos < 6.3.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The PeepSo Core: Photos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to 6.3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.25 views

GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "GigPress Settings" 2...

4.9AI score0.00456EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.65 views

WPForms Pro < 1.8.5.4 - Unauthenticated Stored Cross-Site Scripting via Form Submission

Description The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS6AI score0.0053EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.10 views

Browser Theme Color <= 1.3 - Cross-Site Request Forgery via btc_settings_page

Description The Browser Theme Color plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the 'btcsettingspage' function. This makes it possible for unauthenticated attackers to modify the...

8.8CVSS6.2AI score0.00214EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.15 views

Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets

Description The Custom Dashboard Widgets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'cdwDashboardWidgets' function. This makes it possible for unauthenticated attackers t...

8.8CVSS5.9AI score0.00194EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.19 views

Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to

Description The Post views Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from’ and 'to' parameters in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.2AI score0.00334EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.13 views

lasTunes <= 3.6.1 - Settings Update via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC...

8.6AI score0.00199EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.14 views

Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page

Description The Frontpage Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the 'adminpage' function. This makes it possible for unauthenticated attackers to change the plugin's...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.23 views

Stripe Payment Plugin for WooCommerce < 3.8.0 - Unauthenticated SQL Injection

Description The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

5CVSS7.5AI score0.02657EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.11 views

Shortcodes Finder < 1.5.5 - Reflected Cross-Site Scripting

Description The Shortcodes Finder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.2AI score0.00393EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.23 views

GeneratePress Premium < 2.4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta

Description The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

4.9CVSS5.9AI score0.00416EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.13 views

Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Authenticated (Contributor+) Code Injection

Description The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vgdisplaydata shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that...

8.8CVSS7.5AI score0.01072EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.14 views

Stock Locations for WooCommerce < 2.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Description The Stock Locations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00358EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.14 views

Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data

Description The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00416EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.16 views

Profile Builder Pro < 3.10.1 - Cross-Site Request Forgery

Description The Profile Builder Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.10.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged...

8.8CVSS6.7AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.24 views

EditorsKit < 1.40.4 - Authenticated (Administrator+) Arbitrary File Upload

Description The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, t...

7.2CVSS7.6AI score0.0155EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.12 views

WP Spell Check < 9.18 - Cross-Site Request Forgery

Description The WP Spell Check plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.17. This is due to missing or incorrect nonce validation on the wpscxadminemptyrender function. This makes it possible for unauthenticated attackers to update an...

8.8CVSS6.1AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.20 views

Profile Builder Pro < 3.10.1 - Reflected Cross-Site Scripting

Description The Profile Builder Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.17 views

CformsII < 15.0.7 - Unauthenticated Stored XSS

Description The plugin is vulnerable to stored Cross-Site Scripting via an unknown parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

7.1CVSS7AI score0.00371EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.21 views

Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload

Description The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role...

7.2CVSS7.9AI score0.01496EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.21 views

InstaWP Connect < 0.1.0.9 - Missing Authorization to Arbitrary Options Update

Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemanagementsettings function in all versions up to, and including, 0.1.0.8. This makes it possible for authenticated...

6.1AI score0.01112EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.14 views

Constant Contact Forms by MailMunch < 2.1.0 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via an unknown parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will...

6.5CVSS5.4AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.9 views

Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure

Description The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it...

4.3CVSS6.6AI score0.00472EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.16 views

Profile Builder Pro < 3.10.1 - Authenticated (Subscriber+) Time-Based One-Time Password Sensitive Information Exposure

Description The Profile Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.10.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract a sensitive time-based one-time password TO...

7.5CVSS6.8AI score0.00492EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.8 views

Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio < 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Portfolio & Image Gallery for WordPress | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.17 views

Smart Manager < 8.28.0 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC The vulnerability can be demonstrated using the following POST request: POST...

7AI score0.03301EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.14 views

SalesKing < 1.6.30 - Unauthenticated Sensitive Information Exposure

Description The salesking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

7.5CVSS6.9AI score0.0052EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.11 views

Hreflang Manager < 1.07 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.06. This is due to missing nonce validation in the /admin/view/connections.php file. This makes it possible for unauthenticated attackers to modify, delete, and clone connections via a forge...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.13 views

WordPress Manutenção < 1.0.7 - IP Spoofing to Maintenance Mode Bypass

Description The plugin is vulnerable to IP Spoofing due to insufficient validation of IP addresses, allowing unauthenticated attackers to bypass the plugin's maintenance mode restriction via the 'X-Forwarded-For' HTTP header...

9.7AI score0.00432EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602