Rest Api To Miniprogram Security Vulnerabilities and Issues — Rest Api To Miniprogram CVE List

Lucene search

JianboRest Api To Miniprogram

3 matches found

CVE•added 2023/08/16 12:15 p.m.•2481 views

CVE-2023-0551

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

5.4CVSS5.4AI score0.00051EPSS

CVE•added 2024/09/25 3:15 a.m.•64 views

CVE-2024-8485

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it poss...

9.8CVSS9.7AI score0.00265EPSS

CVE•added 2024/09/25 3:15 a.m.•63 views

CVE-2024-8484

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of suffi...

7.5CVSS7.8AI score0.73679EPSS