The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.
CVSS: 5.3
AI Score: 5.2
EPSS: 0.002
The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated user, such as a subscriber, to upload arbitrary images.
CVSS: 6.5
AI Score: 6.4
EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.
CVSS: 9.8
AI Score: 9.4
EPSS: 0.001