Publishpress Security Vulnerabilities

CVE-2021-24783

The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts.

CVSS: 6.5

AI Score: 6.3

EPSS: 0.001

2021-11-08 06:15 PM

CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1 and the PublishPress Capabilities Pro WordPress plugin before 2.3.1 do not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and do not ensure that the options to be updated belong to the plugin. As a r...

CVSS: 9.8

AI Score: 9.4

EPSS: 0.001

2022-01-10 04:15 PM
In Wild

CVE-2022-3366

The PublishPress Capabilities WordPress plugin before 2.5.2 and the PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserialize the content of imported files, which could lead to PHP object injection attacks by administrators on multisite WordPress configurations. Successful exploitation in ...

CVSS: 7.2

AI Score: 7

EPSS: 0.001

2022-10-31 04:15 PM