Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wpcode Security Vulnerabilities

cve
cve

CVE-2023-0328

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete ...

4.3CVSS

4.6AI Score

0.001EPSS

2023-03-06 02:15 PM
30
cve
cve

CVE-2023-1624

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outs...

6.5CVSS

6.7AI Score

0.001EPSS

2023-04-24 07:15 PM
34
cve
cve

CVE-2023-3524

The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

6.1CVSS

6AI Score

0.001EPSS

2023-08-07 03:15 PM
55