Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

EasyRecipe <= 3.5.3251 - Cross-Site Request Forgery

Description The EasyRecipe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3251. This is due to missing nonce validation on several functions such as the saveStyle and updateCustomCSS functions. This makes it possible for unauthenticated...

8.8CVSS9.2AI score0.00208EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

UserPro < 5.1.2 - Cross-Site Request Forgery via multiple functions

Description The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta an...

6.3CVSS7AI score0.00178EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.21 views

UserPro < 5.1.1 - Cross-Site Request Forgery to PHP Object Injection

Description The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'importsettings' function. This makes it possible for unauthenticated attackers to exploit PHP Object...

8.8CVSS7.1AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Image Hover Effects <= 5.5 - Cross-Site Request Forgery

Description The Image Hover Effects plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5. This is due to missing or incorrect nonce validation on the savecaptionoptions function. This makes it possible for unauthenticated attackers to modify the...

8.8CVSS8.5AI score0.0028EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

Best Restaurant Menu by PriceListo <= 1.3.1 - Cross-Site Request Forgery via menu_page

Description The Best Restaurant Menu by PriceListo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the menupage function. This makes it possible for unauthenticated attackers to modif...

8.8CVSS6.6AI score0.00269EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Legal Pages < 1.3.9 - Cross-Site Request Forgery via moveToTrash and fetch_and_insert_template_data

Description The Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the moveToTrash and fetchandinserttemplatedata functions. This makes it possible for unauthenticated...

8.8CVSS6.6AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

UserPro < 5.1.2 - Cross-Site Request Forgery to Sensitive Information Exposure

Description The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'exportusers' function. This makes it possible for unauthenticated attackers to export the users to a csv...

6.1CVSS6.7AI score0.00181EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection

Description The Copy Or Move Comments plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

9.8CVSS7.5AI score0.00554EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Blog Filter < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.0044EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

Digirisk 6.0.0.0 - Reflected Cross-Site Scripting

Description The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'currentgroupid' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.5AI score0.00374EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00434EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

CallRail Phone Call Tracking < 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrailform' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'formid' user supplied attribute. This makes it...

6.4CVSS5.9AI score0.0044EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.10 views

ICS Calendar < 10.12.0.2 - Authenticated(Contributor+) Directory Traversal via _url_get_contents

Description The ICS Calendar plugin for WordPress is vulnerable to Directory Traversal in all versions up, and including, 10.12.0.1 via the urlgetcontents function. This makes it possible for authenticated attackers, with contributor access and above, to read the contents of arbitrary files on th...

6.7AI score0.00499EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.18 views

Website Optimization – Plerdy < 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS6AI score0.00495EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

Funnelforms Free < 3.4.2 - Cross-Site Request Forgery to Arbitrary Post Duplication

Description The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of...

6.5CVSS9.1AI score0.0027EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.25 views

LayerSlider < 7.7.10 - Cross-Site Request Forgery

Description The LayerSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.7.9. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a...

8.8CVSS6.7AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.18 views

Live Preview for Contact Form 7 <= 1.2.0 - Missing Authorization via update_option

Description The Live Preview for Contact Form 7 plugin for WordPress is vulnerable to unauthorized plugin option update due to a missing capability check on the updateoption function in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber acces...

6.7AI score0.00371EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.7 views

WP Custom Admin Interface < 7.32 - Missing Authorization via wpcai_pro_notice_disable

Description The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the wpcaipronoticedisable function in versions up to, and including, 7.31. This makes it possible for authenticated attackers, with...

6.7AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.9 views

WP Users Media <= 4.2.3 - Missing Authorization via wpusme_save_settings

Description The WP Users Media plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpusmesavesettings function in versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber-level permission...

6.1AI score0.0035EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.19 views

miniorange otp verification < 4.2.2 - Missing Authorization via dismiss_notice

Description The miniorange otp verification plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismissnotice function in versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with subscriber-level...

6.7AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

BetterDocs < 2.5.3 - Missing Authorization via AJAX actions

Description The BetterDocs plugin for WordPress is vulnerable to unauthorized document modification due to a missing capability check on several AJAX functions in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.7AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.9 views

Ni WooCommerce Sales Report <= 3.7.3 - Missing Authorization via ajax_sales_order

Description The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsalesorder' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level acces...

9.2AI score0.00429EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

WPCafe < 2.2.23 - Missing Authorization

Description The plugin is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make use of the unprotected functionality...

9.4AI score0.0049EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.9 views

Acme Fix Images <= 1.0.0 - Missing Authorization via acme_fix_images_ajax_callback

Description The Acme Fix Images plugin for WordPress is vulnerable to unauthorized access to the acmefiximagesajaxcallback function in versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to resize images...

6.8AI score0.00328EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Restaurant & Cafe Addon for Elementor < 1.5.4 - Missing Authorization via multiple AJAX functions

Description The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to update the...

7AI score0.00475EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

FormCraft < 1.2.8 - Missing Authorization via formcraft_nag_update

Description The FormCraft plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the formcraftnagupdate AJAX nopriv function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to delay or disable upda...

7AI score0.00371EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.24 views

SearchIQ < 4.5 - Unauthenticated Sensitive Information Disclosure

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function, allowing unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version...

9.3AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

WRC Pricing Tables < 2.3.8 - Missing Authorization

Description The WRC Pricing Tables plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on several functions including wrcptprocesspackagefeatures, wrcpteditpricingpackages, wrcptactivatetemplate and others in versions up to, and including, 2.3.7...

6.9AI score0.00511EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

MP3 Audio Player for Music, Radio & Podcast by Sonaar < 4.10.1 - Missing Authorization to Template Import

Description The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importsrmp3template function in all versions up to, and including, 4.10. This makes it possible for authenticated...

6.7AI score0.0042EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

WP Like Button <= 1.7.0 - Missing Authorization via crublabFBLBAjax

Description The WP Like Button plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the crublabFBLBAjax function in versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with subscriber-level access and...

6.1AI score0.00328EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Namaste! LMS < 2.6.1.2 - Reflected Cross-Site Scripting

Description The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'courseid' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.5AI score0.00667EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Ultimate Addons for Contact Form 7 < 3.2.11 - Missing Authorization

Description The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the uacf7databaseexportcsv function hooked via init in versions up to, and including, 3.2.10. This makes it possible for unauthenticated...

6.9AI score0.0051EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Information Reel < 10.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

8.8CVSS7.5AI score0.00797EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

ARI Stream Quiz < 1.3.0 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

6.5CVSS8.2AI score0.00377EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.35 views

Slider Revolution < 6.6.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.9AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.19 views

Parcel Pro < 1.6.12 - Open Redirect

Description The plugin does not validate the redirect parameter before redirecting the user to its value, leading to an Open Redirect issue...

6.1CVSS6.5AI score0.00414EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.16 views

Foyer <= 1.7.5 - Content Injection via Improper Access Control

Description The Foyer – Digital Signage for WordPress plugin for WordPress is vulnerable to unauthorized content injection due to an insufficient capability check on the editing functionality in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with...

7AI score0.00183EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.31 views

Olive One Click Demo Import <= 1.0.9 - Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file

Description The Olive One Click Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the oliveoneclickdemoimportsavefile function in versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...

9.1CVSS8AI score0.0064EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.21 views

LuckyWP Scripts Control <= 1.2.1 - Missing Authorization

Description The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...

6.7AI score0.00249EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Easy Call Now by ThikShare <= 1.1.0 - Cross-Site Request Forgery via settings_page

Description The Easy Call Now by ThikShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify th...

8.8CVSS6.6AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.32 views

UserPro < 5.1.2 - Sensitive Information Disclosure via Shortcode

Description The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible fo...

6.5CVSS6.4AI score0.00849EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.37 views

UserPro < 5.1.2 - Insecure Password Reset Mechanism

Description The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses...

9.8CVSS8.2AI score0.00903EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.32 views

UserPro < 5.1.2 - Authentication Bypass to Administrator

Description The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log ...

9.8CVSS7.2AI score0.06801EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.30 views

UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

Description The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An...

6.5CVSS6.8AI score0.00903EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.9 views

Drop Shadow Boxes < 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5.9AI score0.00544EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

Bus Ticket Booking with Seat Reservation < 5.2.6 - Unauthenticated Cross-Site Scripting

Description The Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.1CVSS6.5AI score0.00404EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Daily Prayer Time < 2023.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Daily Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2023.10.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.9AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

Remove Add to Cart WooCommerce <= 1.4.4 - Cross-Site Request Forgery to Settings Modification

Description The Remove Add to Cart WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ratcwprolebasesavedata function. This makes it possible for unauthenticated attacker...

8.8CVSS9.2AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

CodeBard's Patron Button and Widgets for Patreon < 2.2.0 - Cross-Site Request Forgery

Description The CodeBard's Patron Button and Widgets for Patreon plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.9. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated...

8.8CVSS6.7AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

Nexter Extension < 2.0.4 - Authenticated(Editor+) Remote Code Execution via metabox

Description The Nexter Extension plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.3 via the nxt-code-php-snippet metabox. This allows authenticated attackers with editor-level privileges and above to execute code on the server...

9.1CVSS8AI score0.00577EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602